Last active
May 26, 2016 12:40
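#!/usr/bin/env bash
# One-time setup: fetch certbot and request the initial certificate for
# testserv.xyz and www.testserv.xyz.

# Stop at the first failing step. Without this, a failed clone or cd would
# still reach the sudo line and try to run ./certbot-auto from whatever
# directory the shell happens to be in.
set -euo pipefail

# NOTE(review): this checks out whatever the default branch currently holds and
# the next step executes it as root. Pin a reviewed tag or commit before using
# this on a real host. certbot-auto has since been deprecated upstream; on a
# current system prefer the installation method the Certbot documentation
# recommends.
git clone https://github.com/certbot/certbot
cd certbot

# --standalone makes certbot answer the challenge with its own listener, so the
# web server must not be holding the port while this runs.
sudo -H ./certbot-auto certonly --standalone -d testserv.xyz -d www.testserv.xyz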
/ Mail body for a failed renewal (presumably the view for SslMailer#not_renewed).
/ @expires_at is assigned by the mailer action; `=` output is HTML-escaped by Slim.
p Failed to renew certificate for testserv.xyz
p
  span= 'Current certificate expires at '
  strong= @expires_at
require 'fileutils' | |
require 'active_support/all' | |
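# Renews the Let's Encrypt certificate for testserv.xyz once it is within 60
# days of expiry, or unconditionally when +force+ is true.
#
# Flow: confirm the certificate file is readable, read its notAfter date with
# openssl and, if renewal is due, stop nginx (the standalone authenticator
# needs port 80), run certbot-auto and start nginx again. Progress is printed
# to stdout.
#
# NOTE(review): every external command is a shell string run through sudo. The
# interpolated values are the constants defined below; never interpolate
# caller-supplied data into these strings. certbot_auto is executed as root
# from /home/deploy: if that tree is writable by the unprivileged account,
# anything that can write there can run code as root, so keep it root-owned
# and limit the sudoers rules to exactly the commands used here.
#
# @param force [Boolean] renew even when the certificate is not yet due
# @return [void]
# @raise [ArgumentError] when openssl returns no parsable notAfter date
def renew_certificate(force = false)
  ssl_cert_path = '/etc/letsencrypt/live/testserv.xyz/fullchain.pem'
  certbot_auto = '/home/deploy/certbot/certbot-auto'

  # Backticks always return a String, and even an empty String is truthy in
  # Ruby, so the presence check must use the exit status, not the output.
  `sudo cat #{ssl_cert_path}`
  unless $?.success?
    puts 'Could not find certificate to renew.'
    return
  end
  puts 'Certificate found.'

  # Reads the certificate's notAfter field as a DateTime.
  read_expiry = lambda do
    not_after = `sudo openssl x509 -enddate -noout -in #{ssl_cert_path}`
    DateTime.parse(not_after.strip.gsub('notAfter=', ''))
  end

  expires_at = read_expiry.call
  puts "Current certificate expires at #{expires_at}"
  # Expiry of the certificate that is in place when this method finishes.
  effective_expiry = expires_at

  if force || DateTime.now >= expires_at - 60.days
    puts 'Renewing certificate.'
    puts 'Updating letsencrypt and dependencies...'
    # Presumably any certbot-auto invocation refreshes its own installation
    # first; --help is used as an invocation with no other effect.
    `sudo -H #{certbot_auto} --help`
    puts '...done.'

    begin
      # letsencrypt requires port 80 to be available
      puts 'Stopping nginx...'
      `sudo service nginx stop`
      puts '...done.'

      if `sudo service nginx status 2>&1`['Active: inactive']
        puts 'Nginx is not running.'
        puts 'Renewing certificate.'
        `sudo -H #{certbot_auto} --standalone -d testserv.xyz -d www.testserv.xyz certonly --renew-by-default`
        puts "certbot-auto exited with status #{$?.exitstatus}" unless $?.success?
        puts 'Done.'

        # Success is judged by the certificate on disk, not by certbot's output.
        new_expires_at = read_expiry.call
        if new_expires_at > expires_at
          effective_expiry = new_expires_at
          puts 'Certificate successfully renewed.'
          puts "New certificate expires at #{new_expires_at}"
          # SslMailer.delay.renewed(new_expires_at)
        else
          puts 'Failed to renew certificate.'
        end
      else
        puts 'Could not stop Nginx.'
      end
    ensure
      # Always try to bring nginx back, including when the stop only partly
      # worked or an exception is raised above; otherwise the site stays down.
      puts 'Starting nginx...'
      `sudo service nginx start 2>&1`
      puts '...done.'
      if `sudo service nginx status 2>&1`['Active: active']
        puts 'Nginx is running.'
      else
        puts 'Could not start Nginx.'
      end
    end
  else
    puts "Certificate doesn't need to be renewed."
  end

  # Compare against the certificate now in place, so that a successful renewal
  # is not reported as a failure just because the old certificate was close to
  # expiry.
  if DateTime.now >= effective_expiry - 4.days
    puts 'WARNING: certificate expires within 4 days or has already expired.'
    # SslMailer.delay.not_renewed(effective_expiry)
  end
end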
# Run one renewal check when the script is executed (force defaults to false).
renew_certificate
/ Mail body for a successful renewal (presumably the view for SslMailer#renewed).
/ @expires_at is assigned by the mailer action; `=` output is HTML-escaped by Slim.
p Certificate for testserv.xyz has been successfully renewed
p
  span= 'New certificate expires at '
  strong= @expires_at
# Notification mails about the outcome of the testserv.xyz certificate renewal.
#
# NOTE(review): neither action passes `to:`, so the recipients presumably come
# from defaults set in ApplicationMailer; confirm they are configured.
class SslMailer < ApplicationMailer
  # Announces a successful renewal.
  #
  # @param expires_at [Object] expiry of the new certificate, exposed to the
  #   view as @expires_at
  def renewed(expires_at)
    expiry_mail(expires_at, 'Certificate for testserv.xyz renewed')
  end

  # Reports that the certificate could not be renewed.
  #
  # @param expires_at [Object] expiry of the certificate still in place,
  #   exposed to the view as @expires_at
  def not_renewed(expires_at)
    expiry_mail(expires_at, 'Failed to renew certificate for testserv.xyz')
  end

  private

  # Shared body of both actions: publish the expiry to the view, then build
  # the message with the given subject.
  def expiry_mail(expires_at, subject)
    @expires_at = expires_at
    mail(subject: subject)
  end
end
require 'fileutils' | |
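# Daily Sidekiq job that renews the Let's Encrypt certificate for testserv.xyz
# and mails the outcome through SslMailer.
#
# NOTE(review): the job shells out through sudo, so the account running Sidekiq
# presumably has passwordless sudo for cat, openssl, service and certbot-auto.
# Keep those sudoers rules limited to exactly these commands. certbot-auto is
# executed as root from /home/deploy: if that tree is writable by the
# unprivileged account, anything that can write there can run code as root.
class SslWorker
  include Sidekiq::Worker
  include Sidetiq::Schedulable

  # A failed run is not retried; the next daily run tries again.
  sidekiq_options retry: false, queue: :default

  recurrence { daily }

  # Sidekiq entry point.
  #
  # @param options [Hash] accepted but not read by this job
  # @return [void]
  def perform(options = {})
    return unless enabled?

    renew_certificate
  end

  private

  # The job does nothing in the development environment.
  def enabled?
    !Rails.env.development?
  end

  # Renews the certificate once it is within 60 days of expiry, or
  # unconditionally when +force+ is true. nginx is stopped for the duration
  # because the standalone authenticator needs port 80.
  #
  # The interpolated command strings contain only the constants defined
  # below; never interpolate job arguments or other external data into them.
  #
  # @param force [Boolean] renew even when the certificate is not yet due
  # @return [void]
  # @raise [ArgumentError] when openssl returns no parsable notAfter date
  def renew_certificate(force = false)
    ssl_cert_path = '/etc/letsencrypt/live/testserv.xyz/fullchain.pem'
    certbot_auto = '/home/deploy/certbot/certbot-auto'

    # Backticks always return a String, and even an empty String is truthy in
    # Ruby, so the presence check must use the exit status, not the output.
    `sudo cat #{ssl_cert_path}`
    unless $?.success?
      puts 'Could not find certificate to renew.'
      return
    end
    puts 'Certificate found.'

    expires_at = certificate_expiry(ssl_cert_path)
    puts "Current certificate expires at #{expires_at}"
    # Expiry of the certificate that is in place when this method finishes.
    effective_expiry = expires_at

    if force || DateTime.now >= expires_at - 60.days
      puts 'Renewing certificate.'
      puts 'Updating letsencrypt and dependencies...'
      # Presumably any certbot-auto invocation refreshes its own installation
      # first; --help is used as an invocation with no other effect.
      `sudo -H #{certbot_auto} --help`
      puts '...done.'

      begin
        # letsencrypt requires port 80 to be available
        puts 'Stopping nginx...'
        `sudo service nginx stop`
        puts '...done.'

        if `sudo service nginx status 2>&1`['Active: inactive']
          puts 'Nginx is not running.'
          puts 'Renewing certificate.'
          `sudo -H #{certbot_auto} --standalone -d testserv.xyz -d www.testserv.xyz certonly --renew-by-default`
          puts "certbot-auto exited with status #{$?.exitstatus}" unless $?.success?
          puts 'Done.'

          # Success is judged by the certificate on disk, not by certbot's output.
          new_expires_at = certificate_expiry(ssl_cert_path)
          if new_expires_at > expires_at
            effective_expiry = new_expires_at
            puts 'Certificate successfully renewed.'
            puts "New certificate expires at #{new_expires_at}"
            SslMailer.delay.renewed(new_expires_at)
          else
            puts 'Failed to renew certificate.'
          end
        else
          puts 'Could not stop Nginx.'
        end
      ensure
        # Always try to bring nginx back, including when the stop only partly
        # worked or an exception is raised above; otherwise the site stays down.
        start_nginx
      end
    else
      puts "Certificate doesn't need to be renewed."
    end

    # Compare against the certificate now in place, so that a successful
    # renewal does not also trigger the failure mail just because the old
    # certificate was close to expiry.
    SslMailer.delay.not_renewed(effective_expiry) if DateTime.now >= effective_expiry - 4.days
  end

  # Reads the notAfter field of the certificate at +path+ as a DateTime.
  def certificate_expiry(path)
    not_after = `sudo openssl x509 -enddate -noout -in #{path}`
    DateTime.parse(not_after.strip.gsub('notAfter=', ''))
  end

  # Starts nginx and prints whether the service reports itself as active.
  def start_nginx
    puts 'Starting nginx...'
    `sudo service nginx start 2>&1`
    puts '...done.'
    if `sudo service nginx status 2>&1`['Active: active']
      puts 'Nginx is running.'
    else
      puts 'Could not start Nginx.'
    end
  end
end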