#!/bin/bash
#
# необходимо для работы: nginx,certbot
# create new cert
path_ssl="/etc/ssl";
path_cert="/etc/letsencrypt/live";
source "/etc/scripts/certbot4mail/certbot4mail.conf";
log="/var/log/syslog";
#
cmd=$1;
#
function createCert() {
for ((dmn=0; dmn != ${#domains[@]}; dmn++))
do
certbot certonly --webroot --agree-tos --email $adminmail -w $webcrt -d ${domains[$dmn]}
done
}
function renew() {
certbot renew;
valtrue=0;
rdate=$(date +%Y-%m-%d);
rtime=$(date +%H:%M);
for ((dmn=0; dmn != ${#domains[@]}; dmn++))
do
keydate=$(ls -l --time-style=long-iso $path_cert/${domains[$dmn]}/cert.pem |awk {'print$6'});
keytime=$(ls -l --time-style=long-iso $path_cert/${domains[$dmn]}/cert.pem |awk {'print$7'});
if [ "$keydate" = "$rdate" ] && [ "$keytime" = "$rtime" ];
then
((valtrue++));
cat $path_cert/${domains[$dmn]}/cert.pem > $path_ssl/private/${domains[$dmn]}.pem;
cat $path_cert/${domains[$dmn]}/chain.pem >> $path_ssl/private/${domains[$dmn]}.pem;
cat $path_cert/${domains[$dmn]}/fullchain.pem >> $path_ssl/private/${domains[$dmn]}.pem;
cat $path_cert/${domains[$dmn]}/privkey.pem >> $path_ssl/private/${domains[$dmn]}.pem;
#
cp -f $path_ssl/private/${domains[$pem_index]}.pem $path_ssl/certs/${domains[$pem_index]}.pem
cd $path_ssl/certs
chmod 600 ${domains[$pem_index]}.pem
ln -sf ${domains[$pem_index]}.pem `openssl x509 -noout -hash < ${domains[$pem_index]}.pem`.0
cd $path_ssl
echo "$(date) - certbot4mail.sh: update cert for ${domains[$dmn]}">> $log;
fi
done
if [ $valtrue != 0 ];
then
:>/etc/ssl/crt-list.txt
for ((icrt=0; icrt != ${#domains[@]}; icrt++))
do
echo "$path_ssl/${domains[$icrt]}.pem">>/etc/ssl/crt-list.txt
done
/etc/init.d/dbmail restart;
/etc/init.d/stunnel4 restart;
fi
}
case "$cmd" in
## create cert
"--create" | "--create" )
createCert;
;;
## update cert
"--update" | "--update" )
renew;
;;
## start defaults
* )
echo "please input pameters: certbot4mail.sh --create | --update";
echo "certbot4mail.sh --create; create new certificate"
echo "certbot4mail.sh --update; update certificates;"
;;
esac