authorFreya Murphy <freya@freyacat.org>2024-09-05 23:37:37 -0400
committerFreya Murphy <freya@freyacat.org>2024-09-05 23:37:37 -0400
commited35463a36420c9ddafe1cf4932cedae7cc3ebf8 (patch)
treede1e9a71fb11114434c6dab3e1400bfd9256f6a7
parentremove mcjar (diff)
update recert (make it actually work)
-rw-r--r--[-rwxr-xr-x]recert49
1 files changed, 40 insertions, 9 deletions
diff --git a/recert b/recert
index 8a15054..356ce62 100755..100644
--- a/recert
+++ b/recert
@@ -7,6 +7,10 @@ cert='cert.pem' # where the public cert should go
key='cert.key' # where the private cert should go
domain='localhost' # the domain to copy certs from
+email="freya@freyacat.org"
+
+status=0
+
usage() {
printf "usage: recert [-hsfq] [-d DOMAIN] [-c CERT] [-k KEY]\n\n"
printf "\t-h\t\tshow the help message\n"
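Review bot: The index line for this file records a mode change from 100755 to 100644, so `recert` loses its executable bit in this commit. If it is run directly from cron or a hook rather than through an explicit interpreter, it will fail with "permission denied" and certificates will quietly stop renewing, so confirm the change is intended. The new `email=` default is hard-coded with no matching option in the `usage` text; a comment such as `# contact address passed to certbot --email` would at least document it. The body of `usage` continues outside this hunk.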
@@ -25,11 +29,18 @@ hash() {
}
letscert() {
+ args=(--non-interactive --agree-tos --no-eff-email --email "$email")
+ certbot delete \
+ $args \
+ --cert-name "$domain"
certbot certonly \
+ $args \
--preferred-chain "ISRG Root X1" \
--key-type rsa \
- --webroot --webroot-path "/var/www/html" \
- -d "$1"
+ --webroot \
+ --webroot-path "/var/www/html" \
+ --domains "$1"
+ status=1
}
recert_log() {
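Review bot: In `letscert`, the unquoted `$args` expands to only the first array element under bash, so `--agree-tos`, `--no-eff-email` and `--email "$email"` never reach either certbot call; both lines should use `"${args[@]}"`. The shebang is outside this hunk, so also confirm the script runs under bash, since arrays are not POSIX sh. The added `certbot delete` runs before `certbot certonly` and its result is not checked, so a failed issuance (challenge failure, rate limit) would leave the host with no certificate lineage at all. Issuing first and removing the old lineage only after success is safer. `status=1` is set whether or not certbot succeeded, and the delete names the global `$domain` while the issue uses `$1`.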
@@ -101,8 +112,6 @@ if openssl x509 -checkend 604800 -noout -in "$lets_cert" > /dev/null; then
rmdir "$lets_root"
recert_log "renewing... "
letscert "$domain"
- else
- recert_log "up to date... "
fi
else
recert_log "renewing... "
@@ -119,14 +128,36 @@ if [ $single = 1 ]; then
} >> "$tmp"
fi
-# Step 4: copy certs
-recert_log "copied certs\n"
+# Setup 4: get hashes
+current_hash=""
+if [ -f "$cert" ]; then
+ current_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ")
+else
+ current_hash="FORCE"
+fi
+
+new_hash=""
if [ $single = 1 ]; then
- cp "$tmp" "$cert"
+ new_hash=$(md5sum "$tmp" | cut -f 1 -d " ")
else
- cp "$lets_cert" "$cert"
- cp "$lets_key" "$key"
+ new_hash=$(md5sum "$lets_cert" | cut -f 1 -d " ")
+fi
+
+# Step 5: copy if hases out of date
+if [ "$current_hash" != "$new_hash" ]; then
+ recert_log "copied certs\n"
+ if [ $single = 1 ]; then
+ cp "$tmp" "$cert"
+ else
+ cp "$lets_cert" "$cert"
+ cp "$lets_key" "$key"
+ fi
+ status=1
+else
+ recert_log "up to date\n"
fi
# Cleanup
rm "$tmp"
+
+exit "$status"
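Review bot: `current_hash` is computed from `$lets_cert` instead of the installed `$cert`, so in the non-single branch it always equals `new_hash` and a renewed certificate is never copied once `$cert` exists. In the single branch the two hashes always differ, so it copies every run; the line should read `current_hash=$(md5sum "$cert" | cut -f 1 -d " ")`. Only the certificate is compared, so a missing or stale `$key` goes unnoticed; adding `[ -f "$key" ]` to the existence test in the non-single case would cover that. `exit "$status"` returns 1 for "certs changed", which a caller cannot tell apart from a failure, and a failed certbot run is not reflected in it, so a header comment documenting the exit codes would help. The hunk opens inside an `if [ $single = 1 ]` block that starts outside the visible lines.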