From ed35463a36420c9ddafe1cf4932cedae7cc3ebf8 Mon Sep 17 00:00:00 2001 From: Freya Murphy Date: Thu, 5 Sep 2024 23:37:37 -0400 Subject: [PATCH] update recert (make it acutaly work) --- recert | 51 +++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 41 insertions(+), 10 deletions(-) mode change 100755 => 100644 recert diff --git a/recert b/recert old mode 100755 new mode 100644 index 8a15054..356ce62 --- a/recert +++ b/recert @@ -7,6 +7,10 @@ cert='cert.pem' # where the public cert should go key='cert.key' # where the private cert should go domain='localhost' # the domain to copy certs from +email="freya@freyacat.org" + +status=0 + usage() { printf "usage: recert [-hsfq] [-d DOMAIN] [-c CERT] [-k KEY]\n\n" printf "\t-h\t\tshow the help message\n" @@ -25,11 +29,18 @@ hash() { } letscert() { + args=(--non-interactive --agree-tos --no-eff-email --email "$email") + certbot delete \ + $args \ + --cert-name "$domain" certbot certonly \ + $args \ --preferred-chain "ISRG Root X1" \ --key-type rsa \ - --webroot --webroot-path "/var/www/html" \ - -d "$1" + --webroot \ + --webroot-path "/var/www/html" \ + --domains "$1" + status=1 } recert_log() { @@ -101,8 +112,6 @@ if openssl x509 -checkend 604800 -noout -in "$lets_cert" > /dev/null; then rmdir "$lets_root" recert_log "renewing... " letscert "$domain" - else - recert_log "up to date... " fi else recert_log "renewing... " 
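Review bot: `status=0` is declared without a comment saying what the value means, yet the rest of the patch sets it to 1 after a renewal or a copy and ends with `exit "$status"`, so a non-zero exit now means "certificates changed" rather than "error". Callers that treat non-zero as failure (cron mail, `set -e` wrappers, service units) will report every successful renewal as a failure, and as far as the visible lines show a failed certbot run produces the same code. Document the convention at the declaration, for example `status=0 # exit code: 0 = nothing changed, 1 = certs renewed or copied`, and consider a separate code for real errors. The patch header also records `mode change 100755 => 100644`, which drops the executable bit; restore it if that was not intended.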
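Review bot: In `letscert`, `$args` expands to only the first array element in bash, so `--agree-tos`, `--no-eff-email` and `--email "$email"` never reach either certbot call; use `"${args[@]}"` on both lines. Arrays are also a bash feature, so if the shebang (outside this hunk) is `#!/bin/sh`, the `args=(...)` line is a syntax error under dash and similar shells. Separately, `certbot delete` runs before `certbot certonly` and `status=1` is set unconditionally, so a failed issuance would leave the host without a certificate lineage while the script still reports a renewal. Checking the exit status of `certonly`, and removing the old lineage only after it succeeds, would avoid that. `--cert-name "$domain"` reads the global while `--domains "$1"` uses the argument; using `"$1"` in both keeps the function self-contained.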
@@ -119,14 +128,36 @@ if [ $single = 1 ]; then } >> "$tmp" fi -# Step 4: copy certs -recert_log "copied certs\n" -if [ $single = 1 ]; then - cp "$tmp" "$cert" +# Setup 4: get hashes +current_hash="" +if [ -f "$cert" ]; then + current_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ") else - cp "$lets_cert" "$cert" - cp "$lets_key" "$key" + current_hash="FORCE" +fi + +new_hash="" +if [ $single = 1 ]; then + new_hash=$(md5sum "$tmp" | cut -f 1 -d " ") +else + new_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ") +fi + +# Step 5: copy if hases out of date +if [ "$current_hash" != "$new_hash" ]; then + recert_log "copied certs\n" + if [ $single = 1 ]; then + cp "$tmp" "$cert" + else + cp "$lets_cert" "$cert" + cp "$lets_key" "$key" + fi + status=1 +else + recert_log "up to date\n" fi # Cleanup rm "$tmp" + +exit "$status"
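Review bot: `current_hash` is computed from `"$lets_cert"` even though the guard tests `-f "$cert"`, so the comparison never looks at the installed file. In the non-single branch both hashes come from `$lets_cert` and are always equal, which means a renewed certificate is never copied once `$cert` exists. In the single branch the hash of `$lets_cert` is compared with that of `$tmp`, which presumably differs every time, so the copy always runs. The line should read `current_hash=$(md5sum "$cert" | cut -f 1 -d " ")`. The non-single branch also compares only the certificate, so a missing or stale `$key` goes undetected; comparing both files, for example with `cmp -s`, would cover it.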