
@trushkevich
Last active May 26, 2016 12:40
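#!/usr/bin/env bash
# First-time issuance of the certificate for testserv.xyz and www.testserv.xyz
# with certbot's standalone authenticator.
#
# NOTE(review): this clones the tip of the repository's default branch and then
# runs a script from it as root. Checking out a reviewed release and verifying
# it before the sudo step narrows what gets executed with root privileges.
# certbot-auto has since been deprecated upstream; a packaged certbot is the
# maintained route.

# Stop at the first failing command. Without this, a failed clone or cd would
# still reach the sudo line and run whatever ./certbot-auto happens to exist in
# the current directory as root.
set -euo pipefail

git clone https://github.com/certbot/certbot
cd certbot
sudo -H ./certbot-auto certonly --standalone -d testserv.xyz -d www.testserv.xyz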
/ Mail body reporting a failed renewal; presumably the view for
/ SslMailer#not_renewed, which sets @expires_at. TODO confirm file name.
p Failed to renew certificate for testserv.xyz
p
span= 'Current certificate expires at '
strong= @expires_at
require 'fileutils'
require 'active_support/all'
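# Checks the certificate for testserv.xyz and renews it through certbot's
# standalone authenticator once it is within 60 days of expiry.
#
# nginx is stopped for the duration of the renewal because the standalone
# authenticator needs port 80. Every shell command below is built only from
# constants defined in this method, so no outside input reaches the shell.
#
# NOTE(review): certbot-auto lives in the deploy user's home directory and is
# run through sudo, so anything able to write to that directory can run code
# as root. Root-owned, non-writable placement of the script (and a sudoers
# entry limited to the exact commands used here) would close that path.
#
# @param force [Boolean] renew even when the certificate is not yet inside
#   the 60-day window
# @return [nil]
# @raise [ArgumentError] from DateTime.parse when openssl prints no parsable
#   notAfter date
def renew_certificate(force = false)
  ssl_cert_path = '/etc/letsencrypt/live/testserv.xyz/fullchain.pem'
  certbot_auto = '/home/deploy/certbot/certbot-auto'

  # Reads the notAfter date of the certificate on disk.
  read_expiry = lambda do
    DateTime.parse(`sudo openssl x509 -enddate -noout -in #{ssl_cert_path}`.strip.gsub('notAfter=', ''))
  end

  # Backticks always return a String, which is truthy even when empty, so the
  # command's exit status is what tells us whether the file could be read.
  `sudo cat #{ssl_cert_path}`
  unless $?.success?
    puts 'Could not find certificate to renew.'
    return
  end

  puts 'Certificate found.'
  expires_at = read_expiry.call
  puts "Current certificate expires at #{expires_at}"

  if force || DateTime.now >= expires_at - 60.days
    puts 'Renewing certificate.'
    # Presumably invoking certbot-auto (here with --help) lets it update
    # itself and its dependencies first -- TODO confirm.
    puts 'Updating letsencrypt and dependencies...'
    `sudo -H #{certbot_auto} --help`
    puts '...done.'
    # letsencrypt requires port 80 to be available
    puts 'Stopping nginx...'
    `sudo service nginx stop`
    puts '...done.'
    if `sudo service nginx status 2>&1`['Active: inactive']
      puts 'Nginx is not running.'
      begin
        puts 'Renewing certificate.'
        `sudo -H #{certbot_auto} --standalone -d testserv.xyz -d www.testserv.xyz certonly --renew-by-default`
        puts 'Done.'
        new_expires_at = read_expiry.call
        if new_expires_at > expires_at
          puts "Certificate successfully renewed."
          puts "New certificate expires at #{new_expires_at}"
          # SslMailer.delay.renewed(new_expires_at)
          # Track the new date so the expiry warning below is evaluated
          # against the certificate that is now installed.
          expires_at = new_expires_at
        else
          puts "Failed to renew certificate."
        end
      ensure
        # Bring nginx back even if reading the renewed certificate raised;
        # otherwise the site would stay down until someone intervened.
        puts 'Starting nginx...'
        `sudo service nginx start 2>&1`
        puts '...done.'
        if `sudo service nginx status 2>&1`['Active: active']
          puts 'Nginx is running.'
        else
          puts 'Could not start Nginx.'
        end
      end
    else
      puts 'Could not stop Nginx.'
    end
  else
    puts "Certificate doesn't need to be renewed."
  end

  # Last-resort warning window: the certificate still in place expires within
  # 4 days.
  if DateTime.now >= expires_at - 4.days
    # SslMailer.delay.not_renewed(expires_at)
  end
end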
# Run one renewal check when this file is executed; force keeps its default (false).
renew_certificate
/ Mail body reporting a successful renewal; presumably the view for
/ SslMailer#renewed, which sets @expires_at. TODO confirm file name.
p Certificate for testserv.xyz has been successfully renewed
p
span= 'New certificate expires at '
strong= @expires_at
# Mails the outcome of a certificate renewal attempt for testserv.xyz.
# Both actions store the expiry date in @expires_at before building the mail.
class SslMailer < ApplicationMailer
  # Builds the mail announcing a successful renewal.
  #
  # @param expires_at [Object] expiry date of the renewed certificate
  def renewed(expires_at)
    expiry_notice(expires_at, 'Certificate for testserv.xyz renewed')
  end

  # Builds the mail warning that the certificate could not be renewed.
  #
  # @param expires_at [Object] expiry date of the certificate still in place
  def not_renewed(expires_at)
    expiry_notice(expires_at, 'Failed to renew certificate for testserv.xyz')
  end

  private

  # Stores the expiry date in @expires_at and builds the mail with +subject+.
  def expiry_notice(expires_at, subject)
    @expires_at = expires_at
    mail(subject: subject)
  end
end
require 'fileutils'
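# Sidekiq worker with a daily Sidetiq recurrence that checks the certificate
# for testserv.xyz and renews it through certbot's standalone authenticator.
#
# Retries are disabled (retry: false), so a run that raises is not repeated
# until the next daily recurrence.
#
# NOTE(review): certbot-auto lives in the deploy user's home directory and is
# run through sudo, so anything able to write to that directory can run code
# as root. Root-owned, non-writable placement of the script (and a sudoers
# entry limited to the exact commands used here) would close that path.
class SslWorker
  include Sidekiq::Worker
  include Sidetiq::Schedulable

  sidekiq_options retry: false, queue: :default

  recurrence { daily }

  # Job entry point; does nothing in the development environment.
  #
  # @param options [Hash] accepted but not read by this method
  def perform(options = {})
    return unless enabled?
    renew_certificate
  end

  private

  # @return [Boolean] false only when Rails.env is development
  def enabled?
    !Rails.env.development?
  end

  # Renews the certificate once it is within 60 days of expiry, stopping
  # nginx for the duration because the standalone authenticator needs port 80.
  # Every shell command is built only from constants defined here, so no
  # outside input reaches the shell.
  #
  # @param force [Boolean] renew even when the certificate is not yet inside
  #   the 60-day window
  # @raise [ArgumentError] from DateTime.parse when openssl prints no parsable
  #   notAfter date
  def renew_certificate(force = false)
    ssl_cert_path = '/etc/letsencrypt/live/testserv.xyz/fullchain.pem'
    certbot_auto = '/home/deploy/certbot/certbot-auto'

    # Backticks always return a String, which is truthy even when empty, so
    # the command's exit status is what tells us whether the file was readable.
    `sudo cat #{ssl_cert_path}`
    unless $?.success?
      puts 'Could not find certificate to renew.'
      return
    end

    puts 'Certificate found.'
    expires_at = certificate_expiry(ssl_cert_path)
    puts "Current certificate expires at #{expires_at}"

    if force || DateTime.now >= expires_at - 60.days
      puts 'Renewing certificate.'
      # Presumably invoking certbot-auto (here with --help) lets it update
      # itself and its dependencies first -- TODO confirm.
      puts 'Updating letsencrypt and dependencies...'
      `sudo -H #{certbot_auto} --help`
      puts '...done.'
      # letsencrypt requires port 80 to be available
      puts 'Stopping nginx...'
      `sudo service nginx stop`
      puts '...done.'
      if `sudo service nginx status 2>&1`['Active: inactive']
        puts 'Nginx is not running.'
        begin
          puts 'Renewing certificate.'
          `sudo -H #{certbot_auto} --standalone -d testserv.xyz -d www.testserv.xyz certonly --renew-by-default`
          puts 'Done.'
          new_expires_at = certificate_expiry(ssl_cert_path)
          if new_expires_at > expires_at
            puts "Certificate successfully renewed."
            puts "New certificate expires at #{new_expires_at}"
            SslMailer.delay.renewed(new_expires_at)
            # Track the new date so a successful renewal is not followed by
            # the "failed to renew" mail below.
            expires_at = new_expires_at
          else
            puts "Failed to renew certificate."
          end
        ensure
          # Bring nginx back even if reading the renewed certificate raised;
          # otherwise the site would stay down until someone intervened.
          start_nginx
        end
      else
        puts 'Could not stop Nginx.'
      end
    else
      puts "Certificate doesn't need to be renewed."
    end

    # Last-resort warning: the certificate still in place expires within 4 days.
    if DateTime.now >= expires_at - 4.days
      SslMailer.delay.not_renewed(expires_at)
    end
  end

  # Reads the notAfter date of the certificate at +path+ through openssl.
  def certificate_expiry(path)
    DateTime.parse(`sudo openssl x509 -enddate -noout -in #{path}`.strip.gsub('notAfter=', ''))
  end

  # Starts nginx and reports whether the service status shows it as active.
  def start_nginx
    puts 'Starting nginx...'
    `sudo service nginx start 2>&1`
    puts '...done.'
    if `sudo service nginx status 2>&1`['Active: active']
      puts 'Nginx is running.'
    else
      puts 'Could not start Nginx.'
    end
  end
end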