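#!/bin/bash
#
# Update certificates.
#
# Steps:
#   1. Check that certbot, systemctl, the option list, the temporary nginx
#      config and the nginx conf.d directory are usable.
#   2. Copy the temporary nginx config into conf.d, restart nginx so it is
#      loaded, then delete the copied file again.
#   3. Run "certbot certonly" once for every non-blank, non-comment line of
#      the option list.
#   4. Restart nginx again (the temporary config is gone from conf.d by then).
#
# Exit status:
#   0  success
#   1  helper library or required command missing
#   2  required file or directory missing / wrong permissions
#   3  copying the nginx config or a certbot run failed
#   4  nginx restart failed
#
# Security note: each line of the option list becomes certbot command-line
# arguments, and the temporary config is loaded into the running nginx.
# Both files, and CERTRENEW_DIR itself, should be writable only by the
# account that runs this script.
#

UTILS_SH='/path/to/tools/utils.sh'

# error/warn/info come from utils.sh; without it every message below would
# turn into "command not found", so fail early with a plain message.
if [[ ! -r "${UTILS_SH}" ]]; then
  printf '%s\n' "Helper library not found or not readable: ${UTILS_SH}" >&2
  exit 1
fi
# shellcheck source=/dev/null
. "${UTILS_SH}"

CERTBOT_CMD='/usr/bin/certbot'
SYSTEMCTL_CMD='/usr/bin/systemctl'
CERTRENEW_DIR='/path/to/tools/certrenew.d'
NGINX_CONF_DIR='/etc/nginx/conf.d'
OPTS_LIST='certrenew.list'
NGINX_CONF='certrenew.conf'

# POSIX character classes instead of \s, which is a regex-library extension
# and is not guaranteed to work in [[ =~ ]] on every platform.
BLANK_RE='^[[:space:]]*$'
COMMENT_RE='^[[:space:]]*#'

if [[ ! -f "${CERTBOT_CMD}" || ! -x "${CERTBOT_CMD}" ]]; then
  error "Command not found or not executable: ${CERTBOT_CMD}"
  exit 1
fi

if [[ ! -f "${SYSTEMCTL_CMD}" || ! -x "${SYSTEMCTL_CMD}" ]]; then
  error "Command not found or not executable: ${SYSTEMCTL_CMD}"
  exit 1
fi

if [[ ! -f "${CERTRENEW_DIR}/${OPTS_LIST}" || ! -r "${CERTRENEW_DIR}/${OPTS_LIST}" ]]; then
  error "List not found or not readable: ${CERTRENEW_DIR}/${OPTS_LIST}"
  exit 2
fi

if [[ ! -f "${CERTRENEW_DIR}/${NGINX_CONF}" || ! -r "${CERTRENEW_DIR}/${NGINX_CONF}" ]]; then
  error "File not found or not readable: ${CERTRENEW_DIR}/${NGINX_CONF}"
  exit 2
fi

if [[ ! -d "${NGINX_CONF_DIR}" || ! -w "${NGINX_CONF_DIR}" ]]; then
  error "Directory not found or not writable: ${NGINX_CONF_DIR}"
  exit 2
fi

# Delete the temporary nginx config from conf.d. Also installed as an EXIT
# trap so the file never survives an early exit (e.g. a failed restart).
remove_temp_conf() {
  /bin/rm -f -- "${NGINX_CONF_DIR}/${NGINX_CONF}"
}
trap remove_temp_conf EXIT

# copy special nginx conf.
if ! /bin/cp -- "${CERTRENEW_DIR}/${NGINX_CONF}" "${NGINX_CONF_DIR}/${NGINX_CONF}"; then
  error "Can't copy nginx config file."
  exit 3
fi

# restart nginx
# ($? is the command's exit status; $! would be the PID of the last
# background job and says nothing about the failure.)
"${SYSTEMCTL_CMD}" restart nginx
rc=$?
if (( rc != 0 )); then
  error "Failed to restart nginx: exit status ${rc}"
  exit 4
fi

# remove special nginx conf.
remove_temp_conf
rc=$?
if (( rc != 0 )); then
  warn "Failed to remove nginx config: exit status ${rc}"
fi

info "Start update certificates."

# The list is read on file descriptor 3 so that certbot, which inherits
# stdin, cannot swallow the remaining lines of the list.
# read is used without -r on purpose: that is how the list has always been
# parsed, so any backslash continuation lines in it keep working.
# The "|| [[ -n ... ]]" part handles a last line without trailing newline.
# shellcheck disable=SC2162
while read -u 3 OPTS || [[ -n "${OPTS}" ]]; do
  # skip blank line.
  if [[ "${OPTS}" =~ ${BLANK_RE} ]]; then
    continue
  fi

  # skip comment line.
  if [[ "${OPTS}" =~ ${COMMENT_RE} ]]; then
    continue
  fi

  # Split the line into separate arguments on whitespace. Unlike an unquoted
  # ${OPTS}, this does not glob-expand characters such as "*" against the
  # current directory. Quotes inside the line are not interpreted.
  cert_args=()
  read -r -a cert_args <<< "${OPTS}"

  # run certbot
  "${CERTBOT_CMD}" certonly "${cert_args[@]}"
  rc=$?
  if (( rc != 0 )); then
    error "Failed to update certificate: ${OPTS}: exit status ${rc}"
    # nginx was restarted above while the temporary config was in conf.d, so
    # the running server presumably still has it loaded; restart once more so
    # it is dropped before giving up.
    if ! "${SYSTEMCTL_CMD}" restart nginx; then
      warn "Failed to restart nginx after certbot failure."
    fi
    exit 3
  fi

  info "Succeed to update certificate: ${OPTS}"
done 3< "${CERTRENEW_DIR}/${OPTS_LIST}"

"${SYSTEMCTL_CMD}" restart nginx
rc=$?
if (( rc != 0 )); then
  error "Failed to restart nginx: exit status ${rc}"
  exit 4
fi

info "Succeed to update all certificates."
exit 0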