Ce script teste le délai avant expiration de vos certificats SSL.
Le renouvellement est demandé si l’expiration intervient dans les 10 jours (par défaut).
Dans cet exemple, votre serveur web est nginx.
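#!/bin/sh
# Check how many days remain on every Let's Encrypt certificate and run
# `certbot renew` when at least one expires in fewer than MIN_EXP days.
#
# Usage: <script> [MIN_EXP]
#   MIN_EXP  threshold in days, non-negative integer (default: 10)
#
# Exit status: 0 when nothing had to be done or the renewal succeeded,
#              1 when a required step failed, 2 on a bad argument.
#
# Written for POSIX sh on purpose: the shebang is /bin/sh, and `[[ ... ]]` or
# `echo -e` are not available in dash (the default /bin/sh on Debian/Ubuntu).
# With `[[` unavailable every test fails silently, so the renewal is never
# triggered and certificates expire without any error being reported.
set -u

#DEBUG=true
DEBUG=false
SSL_CHECK=/usr/bin/ssl-cert-check
CERBOT=/usr/bin/certbot
AWK=/usr/bin/awk
MIN_EXP=${1:-10}
MUST_RENEW=false

# Print a coloured message on stdout, in debug mode only.
#   $1 - ANSI colour code (93 = yellow, 32 = green)
#   $2 - message text
debug_msg() {
  if ${DEBUG}; then
    # \033 is the portable spelling of the escape character (\e is not POSIX).
    printf '\033[%sm %s \033[0m\n' "$1" "$2"
  fi
}

# Print a diagnostic on stderr so it shows up in cron mail / logs.
warn() {
  printf 'WARNING : %s\n' "$*" >&2
}

# The threshold comes from the command line and is used in a numeric test:
# reject anything that is not a plain non-negative integer before using it.
case "${MIN_EXP}" in
  '' | *[!0-9]*)
    printf 'ERROR : MIN_EXP must be a non-negative integer, got "%s"\n' "${MIN_EXP}" >&2
    exit 2
    ;;
esac

# Test and install ssl-cert-check if needed
if [ ! -f "${SSL_CHECK}" ]; then
  debug_msg 93 "INFO : Installing ssl-cert-check"
  # NOTE(review): installing packages from an unattended job changes the host
  # as a side effect; provisioning the tool ahead of time is preferable.
  apt-get -qq update || warn "apt-get update failed, trying to install anyway"
  if ! apt-get -qq -y install ssl-cert-check; then
    printf 'ERROR : cannot install ssl-cert-check\n' >&2
    exit 1
  fi
fi

# Test each cert.pem found in /etc/letsencrypt.
# A glob is used instead of parsing `find` output, so names are never
# word-split or re-globbed by the shell.
for FOLDER in /etc/letsencrypt/archive/*/; do
  [ -d "${FOLDER}" ] || continue # the glob matched nothing
  FOLDER=${FOLDER%/}
  CERTIFICAT=${FOLDER##*/}
  cert_file=/etc/letsencrypt/live/${CERTIFICAT}/cert.pem

  # archive/ can still hold a lineage that no longer exists in live/.
  if [ ! -f "${cert_file}" ]; then
    warn "no live certificate for ${CERTIFICAT}, skipped"
    continue
  fi

  # The last field of the ssl-cert-check batch output is read as the number
  # of days left.
  day_before_expiry=$("${SSL_CHECK}" -b -c "${cert_file}" | "${AWK}" '{print $NF}')

  # Fail safe: when the tool gives no usable number, ask for a renewal rather
  # than silently treating the certificate as healthy.
  case "${day_before_expiry}" in
    '' | - | *[!0-9-]* | ?*-*)
      warn "cannot read the expiry of ${CERTIFICAT}, renewal requested"
      MUST_RENEW=true
      continue
      ;;
  esac

  if ${DEBUG}; then
    echo "${CERTIFICAT} expire in ${day_before_expiry} days"
  fi

  if [ "${MIN_EXP}" -gt "${day_before_expiry}" ]; then
    MUST_RENEW=true
  fi
done

# Run certbot renew if at least one certificate is going to expire soon
if ${MUST_RENEW}; then
  if ${DEBUG}; then
    debug_msg 93 "INFO : Renewing certificats in DRY RUN MODE"
    "${CERBOT}" --nginx renew --dry-run
    # Report a failed dry run instead of hiding it behind exit 0.
    exit $?
  fi

  # Only touch nginx when the renewal worked, and make the failure visible to
  # whatever schedules this script.
  if ! "${CERBOT}" --nginx renew; then
    printf 'ERROR : certbot renew failed\n' >&2
    exit 1
  fi
  if ! service nginx restart; then
    printf 'ERROR : nginx restart failed\n' >&2
    exit 1
  fi
  exit 0
fi

debug_msg 32 "No need to renew"
exit 0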