blob: 8927c4a52e099fa03ce0708dc68499af05960531 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/env bash
# Check I'm root.
if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi
# Check CRUPEST_CERTBOT_RENEW_COMMAND is defined.
if [ -z "$CRUPEST_CERTBOT_RENEW_COMMAND" ]; then
echo "CRUPEST_CERTBOT_RENEW_COMMAND must be defined."
exit 1
fi
# Check CRUPEST_CERT_PATH, default to /etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem
if [ -z "$CRUPEST_CERT_PATH" ]; then
CRUPEST_CERT_PATH="/etc/letsencrypt/live/$CRUPEST_DOMAIN/fullchain.pem"
fi
function check_and_renew_cert() {
expire_info=$(openssl x509 -enddate -noout -in "$CRUPEST_CERT_PATH")
# Get ssl certificate expire date.
expire_date=$(echo "$expire_info" | cut -d= -f2)
echo "SSL certificate expire date: $expire_date"
# Convert expire date to UNIX timestamp.
expire_timestamp="$(date -d "$expire_date" +%s)"
# Minus expire timestamp with 30 days in UNIX timestamp.
renew_timestamp="$((expire_timestamp - 2592000))"
echo "Renew SSL certificate at: $(date -d @$renew_timestamp)"
# Get rest time til renew.
rest_time="$((renew_timestamp - $(date +%s)))"
echo "Rest time til renew: $rest_time seconds"
# Do we have rest time?
if [ "$rest_time" -gt 0 ]; then
# Check CRUPEST_GREEDY_CHECK is defined.
if [ -z "$CRUPEST_GREEDY_CHECK" ]; then
# Sleep til renew.
echo "Sleeping til renew..."
sleep "$rest_time"
else
# Sleep 1 hour.
echo "Seems like CRUPEST_GREEDY_CHECK is defined, sleep 1 day and check again..."
sleep 86400
fi
else
# No, renew now.
echo "Renewing now..."
# Run CRUPEST_CERTBOT_RENEW_COMMAND
$CRUPEST_CERTBOT_RENEW_COMMAND
fi
}
# Run check_and_renew_cert in infinate loop.
while true; do
check_and_renew_cert
done
|
