@yrro
Created July 4, 2016 15:49
certbot (letsencrypt) cron job
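#!/bin/bash
# Obtain or renew Let's Encrypt certificates with certbot, then reload only
# the services whose certificate actually changed.
set -eux

# One entry per line: comma-separated certificate names, then the systemd
# unit that uses that certificate.
mapfile -t domains <<- EOF
example.com,www.example.com apache2
example.net apache2
imap.example.com dovecot
smtp.example.com exim4
mumble.example.com mumble-server
xmpp.example.com prosody
EOF

restart_services=()
for line in "${domains[@]}"; do
    # names: comma-separated list passed to certbot; service: unit to reload.
    # A separate variable avoids overwriting the domains array being iterated.
    read -r names service _junk <<< "$line"
    # By default certbot names the live/ directory after the first name listed.
    domain="${names%%,*}"

    # Record the certificate's mtime before the run (0 if none exists yet).
    if ! last=$(stat -c %Y "/srv/letsencrypt/config/live/$domain/cert.pem"); then
        last=0
    fi

    # Run certbot as the unprivileged acme-challenge user rather than as root.
    if runuser -u acme-challenge -- \
        certbot certonly \
            --non-interactive \
            --keep-until-expiring \
            --config-dir "/srv/letsencrypt/config" \
            --work-dir "/srv/letsencrypt/work" \
            --email example@example.com \
            --webroot \
            --webroot-path "/srv/letsencrypt/webroot" \
            --domains "$names" \
    ; then
        # Queue the service only if cert.pem is newer than it was before the run.
        if [[ "$last" -lt $(stat -c %Y "/srv/letsencrypt/config/live/$domain/cert.pem") ]]; then
            restart_services+=("$service")
        fi
    fi
done

if [[ ${#restart_services[@]} -gt 0 ]]; then
    # Deduplicate so each unit is reloaded once; the command substitution is
    # left unquoted on purpose so every unit name becomes its own argument.
    systemctl reload-or-try-restart $(printf '%s\n' "${restart_services[@]}" | sort -u)
fi

# vim: ts=8 sts=4 sw=4 et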