#!/bin/bash
# script convert end make ssl sert for https
# info - script auto update cert for sites
# version 1.10.1
# author Koshuba V.O.- 2021
# master@qbpro.ru
#
path_certbot="/etc/letsencrypt/live";
path_ssl="/etc/ssl/private";
source certbot.conf;
log="/var/log/syslog";
#
cmd=$1;
#
## if keys update certbot - recreate keys for sites
function makekeys() {
valtrue=0;
rdate=$(date +%Y-%m-%d);
rtime=$(date +%H:%M);
for ((dmn=0; dmn != ${#domains[@]}; dmn++))
do
keydate=$(ls -l --time-style=long-iso $path_certbot/${domains[$dmn]}/cert.pem |awk {'print$6'});
keytime=$(ls -l --time-style=long-iso $path_certbot/${domains[$dmn]}/cert.pem |awk {'print$7'});
if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
then
((valtrue++));
cat $path_certbot/${domains[$dmn]}/cert.pem > $path_ssl/${domains[$dmn]}.pem;
cat $path_certbot/${domains[$dmn]}/chain.pem >> $path_ssl/${domains[$dmn]}.pem;
cat $path_certbot/${domains[$dmn]}/fullchain.pem >> $path_ssl/${domains[$dmn]}.pem;
cat $path_certbot/${domains[$dmn]}/privkey.pem >> $path_ssl/${domains[$dmn]}.pem;
echo "$rdate - $rtime - autocertbot: recreate cert for ${domains[$dmn]}">> $log;
fi
done
if [ $valtrue != 0 ];
then
:>/etc/ssl/crt-list.txt
for ((icrt=0; icrt != ${#domains[@]}; icrt++))
do
echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
done
fi
}
function renew() {
/etc/init.d/haproxy stop;
certbot renew;
makekeys;
/etc/init.d/haproxy start;
}
function createCert() {
certbot register --agree-tos -m $adminmail;
/etc/init.d/haproxy stop;
for ((dmn=0; dmn != ${#domains[@]}; dmn++))
do
certbot certonly --preferred-challenges http --standalone -d ${domains[$dmn]};
done
/etc/init.d/haproxy start;
}
case "$cmd" in
## create cert
"--create" | "--create" )
createCert;
;;
## update cert
"--update" | "--update" )
renew;
;;
## start defaults
* )
echo "please input pameters: autocertbot.sh --create | --update";
echo "autocertbot.sh --create; create new certificate"
echo "autocertbot.sh --update; update certificates;"
;;
esac