Ce script teste le délai avant expiration de vos certificats SSL.
Le renouvellement est demandé si l’expiration intervient dans les 10 jours (par défaut).
Dans cet exemple, le serveur web est nginx.
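#!/bin/bash
#
# Check how many days remain before each Let's Encrypt certificate expires
# and run "certbot renew" when at least one is inside the renewal window.
#
# Usage:  <script> [MIN_DAYS]
#   MIN_DAYS  renewal threshold in days (default: 10)
#
# Exit status: 0 when nothing had to be done or the renewal succeeded,
# 2 on a bad argument, non-zero when the install, certbot or the nginx
# restart fails.
#
# Meant to run as root (apt-get, /etc/letsencrypt, service nginx restart).
#
# The interpreter is bash on purpose: the script relies on [[ ]], which a
# POSIX /bin/sh such as dash (the Debian/Ubuntu default) does not provide.
# Under dash every [[ ]] test fails, so no renewal would ever be requested.

#DEBUG=true
DEBUG=false
SSL_CHECK=/usr/bin/ssl-cert-check
CERTBOT=/usr/bin/certbot
AWK=/usr/bin/awk
ARCHIVE_DIR=/etc/letsencrypt/archive
LIVE_DIR=/etc/letsencrypt/live
MIN_EXP=${1:-10}
MUST_RENEW=false

# Accept only a plain non-negative integer. Besides catching typos, this
# keeps a crafted argument out of the numeric comparison below: bash
# evaluates the operands of an arithmetic test as expressions, not as text.
if ! [[ "${MIN_EXP}" =~ ^[0-9]+$ ]]; then
  printf 'ERROR : MIN_DAYS must be a non-negative integer, got "%s"\n' "${MIN_EXP}" >&2
  exit 2
fi
# Force base 10 so that a value such as "010" is not read as octal.
MIN_EXP=$((10#${MIN_EXP}))

# Test and install ssl-cert-check if needed.
# NOTE(review): installing a package from an unattended root job changes the
# system state silently; pre-installing ssl-cert-check is the safer setup.
if [[ ! -f "${SSL_CHECK}" ]]; then
  if ${DEBUG}; then
    printf '\033[93m INFO : Installing ssl-cert-check \033[0m\n'
  fi
  apt-get -qq update
  if ! apt-get -qq -y install ssl-cert-check; then
    printf 'ERROR : could not install ssl-cert-check\n' >&2
    exit 1
  fi
fi

# Test each cert.pem found through the folders of /etc/letsencrypt/archive.
# NUL-delimited find output keeps folder names with spaces or glob
# characters intact, unlike word-splitting a command substitution.
while IFS= read -r -d '' FOLDER; do
  CERTIFICAT=${FOLDER##*/}
  CERT_FILE="${LIVE_DIR}/${CERTIFICAT}/cert.pem"

  # An archive folder can outlive its live certificate; nothing to check.
  if [[ ! -f "${CERT_FILE}" ]]; then
    printf 'WARNING : %s not found, skipping\n' "${CERT_FILE}" >&2
    continue
  fi

  # Last field of the ssl-cert-check line is the number of days left.
  day_before_expiry=$("${SSL_CHECK}" -b -c "${CERT_FILE}" | "${AWK}" 'NF { print $NF }')

  # Never feed unchecked tool output to an arithmetic test. When the value
  # cannot be read, err on the side of asking certbot to renew.
  if ! [[ "${day_before_expiry}" =~ ^-?[0-9]+$ ]]; then
    printf 'WARNING : cannot read the expiry of %s, assuming a renewal is needed\n' \
      "${CERTIFICAT}" >&2
    MUST_RENEW=true
    continue
  fi

  if ${DEBUG}; then
    printf '%s expire in %s days\n' "${CERTIFICAT}" "${day_before_expiry}"
  fi

  if ((MIN_EXP > day_before_expiry)); then
    MUST_RENEW=true
  fi
done < <(find "${ARCHIVE_DIR}/" -maxdepth 1 -mindepth 1 -type d -print0)

# Run certbot renew if at least one certificate is going to expire soon.
if ${MUST_RENEW}; then
  if ${DEBUG}; then
    printf '\033[93m INFO : Renewing certificats in DRY RUN MODE \033[0m\n'
    "${CERTBOT}" --nginx renew --dry-run
    exit $?
  fi

  # Do not touch nginx when the renewal itself failed, and report the
  # failure through the exit status so the scheduler or monitoring sees it.
  if ! "${CERTBOT}" --nginx renew; then
    printf 'ERROR : certbot renew failed, nginx left untouched\n' >&2
    exit 1
  fi

  # NOTE(review): a restart drops open connections; a reload may be enough
  # to pick up the new certificate - confirm for this setup.
  if ! service nginx restart; then
    printf 'ERROR : nginx restart failed after the renewal\n' >&2
    exit 1
  fi
  exit 0
fi

if ${DEBUG}; then
  printf '\033[32m No need to renew \033[0m\n'
fi
exit 0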