certrenew


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28

#!/bin/bash

set -e

main() {
	if (($#<2)); then
		printf "usage: %s <webroot> <domains ...>\n" "${0##*/}"
		exit 1
	fi

	local webroot=$1; shift;
	local -a domains=("$@")

	local cert="/etc/letsencrypt/live/${domains[0]}/cert.pem"

	# renew if expires within 8 weeks
	if ! openssl x509 -noout -checkend $((8*7*86400)) -in "${cert}"; then
		letsencrypt certonly --email bluewind@xinu.at --agree-tos --renew-by-default --webroot -w "$webroot" "${domains[@]/#/-d }"
		return 0
	fi

	# exit 1 so that scripts using this can check we the cert has been updated
	# (certrenew .. && systemctl reload ..)
	return 1
}

main "$@"