@ -52,7 +52,7 @@ PRIVATE_KEY_ALG="rsa" |
|
|
|
SERVER_TYPE="webserver" |
|
|
|
_USE_DEBUG=0 |
|
|
|
_CREATE_CONFIG=0 |
|
|
|
_RENEW_ALL=0 |
|
|
|
_CHECK_ALL=0 |
|
|
|
_FORCE_RENEW=0 |
|
|
|
|
|
|
|
clean_up() { # Perform pre-exit housekeeping |
|
|
|
@ -338,8 +338,8 @@ help_message() { |
|
|
|
-h, --help Display this help message and exit |
|
|
|
-d, --debug Outputs debug information |
|
|
|
-c, --create Create default config files |
|
|
|
-f, --force Fore renewal of cert (overrides expiry checks) |
|
|
|
-a, --all Renew all certificates |
|
|
|
-f, --force Force renewal of cert (overrides expiry checks) |
|
|
|
-a, --all Check all certificates |
|
|
|
-w working_dir Working directory |
|
|
|
|
|
|
|
_EOF_ |
|
|
|
@ -362,7 +362,7 @@ while [[ -n $1 ]]; do |
|
|
|
-f | --force) |
|
|
|
_FORCE_RENEW=1 ;; |
|
|
|
-a | --all) |
|
|
|
_RENEW_ALL=1 ;; |
|
|
|
_CHECK_ALL=1 ;; |
|
|
|
-w) |
|
|
|
shift; WORKING_DIR="$1" ;; |
|
|
|
-* | --*) |
|
|
|
@ -384,8 +384,8 @@ _requires xxd |
|
|
|
_requires base64 |
|
|
|
_requires nslookup |
|
|
|
|
|
|
|
if [ ${_RENEW_ALL} -eq 1 ]; then |
|
|
|
info "Renew all certificates" |
|
|
|
if [ ${_CHECK_ALL} -eq 1 ]; then |
|
|
|
info "Check all certificates" |
|
|
|
|
|
|
|
if [ ${_CREATE_CONFIG} -eq 1 ]; then |
|
|
|
error_exit "cannot combine -c|--create with -a|--all" |
|
|
|
@ -398,16 +398,15 @@ if [ ${_RENEW_ALL} -eq 1 ]; then |
|
|
|
if [ ! -d "$WORKING_DIR" ]; then |
|
|
|
error_exit "working dir not found or not set - $WORKING_DIR" |
|
|
|
fi |
|
|
|
|
|
|
|
for dir in $(ls "$WORKING_DIR"); do |
|
|
|
if [ -d "$WORKING_DIR/$dir" ]; then |
|
|
|
info "Renewing $dir" |
|
|
|
for dir in ${WORKING_DIR}/*; do |
|
|
|
if [ -d "$dir" ]; then |
|
|
|
debug "Checking $dir" |
|
|
|
|
|
|
|
cmd="$0 -w '$WORKING_DIR'" |
|
|
|
if [ ${_USE_DEBUG} -eq 1 ]; then |
|
|
|
cmd="$cmd -d" |
|
|
|
fi |
|
|
|
cmd="$cmd $dir" |
|
|
|
cmd="$cmd $(basename $dir)" |
|
|
|
|
|
|
|
debug "CMD: $cmd" |
|
|
|
eval "$cmd" |
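Review bot: The directory name is still spliced unquoted into a string that `eval` executes — `cmd="$cmd $(basename $dir)"` followed by `eval "$cmd"` — so a subdirectory of the working directory whose name contains `;`, `$(`, backticks or whitespace is run as shell code with the script's privileges, and `cmd="$0 -w '$WORKING_DIR'"` breaks the same way if the path contains a single quote. `for dir in ${WORKING_DIR}/*` is unquoted too, so a working directory with spaces is split into several globs. Whether untrusted users can create entries under the working directory I can't tell from here, but these names come from the filesystem rather than the config, so passing them as literal arguments is the cheap fix: build the command as an array and call it directly instead of through `eval`. The `for`/`if` and the enclosing `if [ ${_RENEW_ALL} -eq 1 ]` block start and end outside the hunk.
```shell
for dir in "${WORKING_DIR}"/*; do
    if [ -d "$dir" ]; then
        debug "Checking $dir"

        # Build argv as an array and invoke it directly: no eval, so a
        # directory name with quotes or shell metacharacters is passed
        # as one literal argument instead of being re-parsed.
        cmd=("$0" -w "$WORKING_DIR")
        if [ ${_USE_DEBUG} -eq 1 ]; then
            cmd+=(-d)
        fi
        cmd+=("$(basename "$dir")")

        debug "CMD: ${cmd[*]}"
        "${cmd[@]}"
```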
|
|
|
@ -495,7 +494,7 @@ fi |
|
|
|
|
|
|
|
# if it's a webserver, connect and obtain the certificate |
|
|
|
if [[ "${SERVER_TYPE}" == "webserver" ]] && [ $_FORCE_RENEW -eq 0 ]; then |
|
|
|
info "getting certificate for $DOMAIN from webserver" |
|
|
|
debug "getting certificate for $DOMAIN from webserver" |
|
|
|
EX_CERT=$(echo | openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443 2>/dev/null | openssl x509 2>/dev/null) |
|
|
|
if [ ! -z "$EX_CERT" ]; then # if obtained a cert |
|
|
|
if [ -f "$CERT_FILE" ]; then #if local exists |
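Review bot: The fetch `openssl s_client -servername ${DOMAIN} -connect ${DOMAIN}:443` has no connect or handshake timeout, so a host that accepts the TCP connection but never completes the TLS handshake hangs this run indefinitely, and in the `--all` loop that also blocks every domain after it; with both stderr streams sent to `/dev/null`, an empty `EX_CERT` is the only failure signal left. If the target platforms have coreutils `timeout`, wrap the client — `EX_CERT=$(echo | timeout 30 openssl s_client -servername "${DOMAIN}" -connect "${DOMAIN}:443" 2>/dev/null | openssl x509 2>/dev/null)` — and quote `${DOMAIN}` either way. Note also that nothing in this call authenticates the peer (no CA or `-verify` option), so `EX_CERT` holds whatever the network path returned. The `if` block continues past the end of the hunk.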
|
|
|
@ -532,7 +531,7 @@ if [[ "${SERVER_TYPE}" == "webserver" ]] && [ $_FORCE_RENEW -eq 0 ]; then |
|
|
|
fi |
|
|
|
fi |
|
|
|
else # local cert doesn't exist" |
|
|
|
info "local certificate doesn't exist, saving a copy from remote" |
|
|
|
debug "local certificate doesn't exist, saving a copy from remote" |
|
|
|
echo "$EX_CERT" > "$DOMAIN_DIR/${DOMAIN}.crt" |
|
|
|
fi |
|
|
|
else |
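Review bot: The remote certificate is adopted as the local copy with `echo "$EX_CERT" > "$DOMAIN_DIR/${DOMAIN}.crt"` without any check that it was issued for `$DOMAIN` or belongs to this domain's private key; because the fetch earlier in this script is unauthenticated, anyone on the path to `${DOMAIN}:443` could hand back a certificate with a distant expiry, and subsequent runs would then treat the domain as not due for renewal. Before saving, compare the public key of `EX_CERT` (`echo "$EX_CERT" | openssl x509 -noout -pubkey`) with that of the domain's private key (`openssl pkey -in "<keyfile>" -pubout`, the key path is not visible in this hunk) and `error_exit` on mismatch. The stray trailing quote in `else # local cert doesn't exist"` is harmless but worth dropping while here. The enclosing if/else starts and ends outside the hunk.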
|
|
|
@ -548,10 +547,12 @@ fi |
|
|
|
if [ -f "$CERT_FILE" ]; then |
|
|
|
debug "certificate $CERT_FILE exists" |
|
|
|
enddate=$(openssl x509 -in $CERT_FILE -noout -enddate 2>/dev/null| cut -d= -f 2-) |
|
|
|
debug "enddate is $enddate" |
|
|
|
if [[ "$enddate" != "-" ]]; then |
|
|
|
if [[ $(date -d "${RENEW_ALLOW} days" +%s) -lt $(date -d "$enddate" +%s) ]]; then |
|
|
|
error_exit "existing certificate ( $CERT_FILE ) is still valid for more than $RENEW_ALLOW days - aborting" |
|
|
|
error_exit "certificate for $DOMAIN is still valid for more than $RENEW_ALLOW days" |
|
|
|
else |
|
|
|
debug "certificate for $DOMAIN needs renewal" |
|
|
|
cert_archive "${CERT_FILE}" |
|
|
|
fi |
|
|
|
fi |
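Review bot: The guard `if [[ "$enddate" != "-" ]]` does not cover the failure case: when `openssl x509 -in $CERT_FILE -noout -enddate` cannot read or parse the file (its stderr is discarded), `enddate` is the empty string rather than `-`, and with GNU date `date -d ""` resolves to today at midnight, so a corrupt or truncated certificate is silently classed as due for renewal and passed to `cert_archive` instead of being reported. I'd add `[[ -z "$enddate" ]] && error_exit "unable to read expiry date from $CERT_FILE"` before the comparison and quote `-in "$CERT_FILE"`. The help text promises that `-f|--force` overrides the expiry check, but the visible `if [ -f "$CERT_FILE" ]` carries no such condition — if that gate is not in the enclosing block, which begins outside the hunk, force renewals will abort here.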
|
|
|