/
acme-tiny-wrapper
executable file
·46 lines (37 loc) · 1.31 KB
/
acme-tiny-wrapper
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#!/bin/bash
set -e
if [ -z "$PREFIX" ]; then
PREFIX="/etc/acme-tiny"
fi
if [ -z "$ACME_TINY_BIN" ]; then
ACME_TINY_BIN="acme-tiny"
fi
if [ "$#" -ne 1 ]; then
echo "Usage: $0 <acme dir>"
echo "For example: $0 /srv/http/letsencrypt/.well-known/acme-challenge/"
exit 1
fi
ACME_DIR="$1"
ACCOUNT_KEY="${PREFIX}/account.key"
for csr in ${PREFIX}/csr/*.csr
do
name="$(basename "$csr")"
name="${name%.csr}"
work_dir="${PREFIX}/live/${name}"
CERT="${work_dir}/cert.pem"
FULLCHAIN="${work_dir}/fullchain.pem"
# Skip renewal if the csr hasn't changed since the cert was created and if there are less than 30 days until the cert expires
if [[ -f "$FULLCHAIN" ]] && [[ "$FULLCHAIN" -nt "$csr" ]] ; then
crt_end_date=$(openssl x509 -in "$FULLCHAIN" -noout -enddate | sed -e "s/.*=//")
date_crt=$(date -ud "$crt_end_date" +"%s")
date_today=$(date +'%s')
date_day_diff=$(( ( $date_crt - $date_today ) / (60*60*24) ))
if [ $date_day_diff -gt 30 ] ; then
echo "Certificate for $name doesn't need to be renewed (expires in $date_day_diff days)."
continue
fi
fi
mkdir -p "$work_dir"
${ACME_TINY_BIN} --account-key "$ACCOUNT_KEY" --csr "$csr" --acme-dir "$ACME_DIR" > "${CERT}.tmp"
mv -f "${CERT}.tmp" "${FULLCHAIN}"
done