update recert (make it acutaly work)

This commit is contained in:
Freya Murphy 2024-09-05 23:37:37 -04:00
parent 1d5a5dc1a2
commit ed35463a36
Signed by: freya
GPG key ID: 744AB800E383AE52

47
recert Executable file → Normal file
View file

@ -7,6 +7,10 @@ cert='cert.pem' # where the public cert should go
key='cert.key' # where the private cert should go
domain='localhost' # the domain to copy certs from
email="freya@freyacat.org"
status=0
usage() {
printf "usage: recert [-hsfq] [-d DOMAIN] [-c CERT] [-k KEY]\n\n"
printf "\t-h\t\tshow the help message\n"
@ -25,11 +29,18 @@ hash() {
}
letscert() {
args=(--non-interactive --agree-tos --no-eff-email --email "$email")
certbot delete \
$args \
--cert-name "$domain"
certbot certonly \
$args \
--preferred-chain "ISRG Root X1" \
--key-type rsa \
--webroot --webroot-path "/var/www/html" \
-d "$1"
--webroot \
--webroot-path "/var/www/html" \
--domains "$1"
status=1
}
recert_log() {
@ -101,8 +112,6 @@ if openssl x509 -checkend 604800 -noout -in "$lets_cert" > /dev/null; then
rmdir "$lets_root"
recert_log "renewing... "
letscert "$domain"
else
recert_log "up to date... "
fi
else
recert_log "renewing... "
@ -119,14 +128,36 @@ if [ $single = 1 ]; then
} >> "$tmp"
fi
# Step 4: copy certs
recert_log "copied certs\n"
if [ $single = 1 ]; then
cp "$tmp" "$cert"
# Setup 4: get hashes
current_hash=""
if [ -f "$cert" ]; then
current_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ")
else
current_hash="FORCE"
fi
new_hash=""
if [ $single = 1 ]; then
new_hash=$(md5sum "$tmp" | cut -f 1 -d " ")
else
new_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ")
fi
# Step 5: copy if hases out of date
if [ "$current_hash" != "$new_hash" ]; then
recert_log "copied certs\n"
if [ $single = 1 ]; then
cp "$tmp" "$cert"
else
cp "$lets_cert" "$cert"
cp "$lets_key" "$key"
fi
status=1
else
recert_log "up to date\n"
fi
# Cleanup
rm "$tmp"
exit "$status"