#!/bin/bash
# AUTHOR: Phil Porada and some of this https://gist.githubusercontent.com/erikaheidi/b217d927ee326075a854/raw/47e09ca519c323ff8705e380202b1269c654000c/le-renew-centos.sh
# phil-listdomains returns lines as follows
######
# www.example.com
# dev.whatever.net
# test.fakedomain.org
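# Renew Let's Encrypt certificates for the www and dev hosts reported by
# /bin/phil-listdomains (one "sub.domain.tld" name per line).
#
# For each host:
#   1. Validate the name before it is used in a filesystem path or passed to
#      the ACME client.
#   2. Skip the host when its current certificate is valid for more than
#      7 days.
#   3. Otherwise request a certificate via the webroot challenge and record
#      the outcome in syslog under the LETSENCRYPT tag.
le_email=philporada@gmail.com
# One DNS label: letters, digits and inner hyphens only. This keeps '/',
# whitespace and glob characters out of the certificate and webroot paths
# that are built from the name below.
label_re='^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$'

# The host list is read on fd 3 so that commands inside the loop (notably
# letsencrypt-auto) keep the script's stdin and cannot consume the list.
while IFS= read -r host <&3 || [[ -n "$host" ]]; do
  [[ -n "$host" ]] || continue

  IFS=. read -r sub domain tld extra <<<"$host"

  # Only exactly three labels are supported. A longer name would otherwise
  # be truncated silently and a certificate requested for the wrong host.
  if [[ -n "$extra" ]] \
    || ! [[ "$sub" =~ $label_re && "$domain" =~ $label_re && "$tld" =~ $label_re ]]; then
    printf 'Skipping %s: expected exactly three DNS labels (sub.domain.tld).\n' "$host" >&2
    continue
  fi

  # The www certificate is stored under the apex name.
  if [[ "$sub" == www ]]; then
    url="$domain.$tld"
  else
    url="$sub.$domain.$tld"
  fi
  cert="/etc/letsencrypt/live/$url/fullchain.pem"

  if [[ ! -f "$cert" ]]; then
    echo "Certificate file not found for $url"
  else
    # -enddate prints "notAfter=<date>", which is stable to parse, unlike a
    # fixed column offset into the -text dump.
    days_left=
    if not_after=$(openssl x509 -in "$cert" -noout -enddate) \
      && exp=$(date -d "${not_after#notAfter=}" +%s); then
      days_left=$(( (exp - $(date +%s)) / 86400 ))
    fi

    if [[ -n "$days_left" ]] && (( days_left > 7 )); then
      echo "$url cert is up to date, no need for renewal ($days_left days left)."
      continue
    fi

    if [[ -z "$days_left" ]]; then
      # An unreadable certificate is treated as due: renewing is the safe
      # outcome, silently keeping a broken certificate is not.
      printf 'Could not read the expiry date of %s; treating it as due for renewal.\n' "$cert" >&2
    fi
    echo "$url cert is about to expire soon. Starting renewal request..."
  fi

  # Empty means "no request was made for this host", so nothing is logged.
  retval=
  webroot="/var/www/domains/$domain.$tld/$sub/htdocs"
  case "$sub" in
    www)
      # For apex domain
      letsencrypt-auto certonly --webroot --webroot-path "$webroot" \
        --renew-by-default --email "$le_email" --text --agree-tos \
        -d "$domain.$tld" -d "$sub.$domain.$tld"
      retval=$?
      ;;
    dev)
      # For subdomains other than www
      letsencrypt-auto certonly --webroot --webroot-path "$webroot" \
        --renew-by-default --email "$le_email" --text --agree-tos \
        -d "$sub.$domain.$tld"
      retval=$?
      ;;
    *)
      echo "Skipping $sub.$domain.$tld because Let's Encrypt only allows up to 2 certs per domain and I want www and dev to have certs."
      ;;
  esac

  if [[ -n "$retval" ]]; then
    if (( retval == 0 )); then
      logger -i -p user.info -t LETSENCRYPT "Cert generation for $sub.$domain.$tld succeeded. Return code was $retval."
    else
      # Failures are logged at error priority so that log monitoring can
      # alert on them before the certificate expires.
      logger -i -p user.err -t LETSENCRYPT "Attempted SSL cert generation for $sub.$domain.$tld failed. Return code was $retval."
    fi
  fi
done 3< <(/bin/phil-listdomains)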