
add check cert

pull/1/head
Dryusdan 1 year ago
parent
commit
ad5fa27ea7
1 changed files with 73 additions and 0 deletions
  1. 73
    0
      check_certs.sh

+ 73
- 0
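--- a/check_certs.sh
+++ b/check_certs.sh
@@ -0,0 +1,73 @@
+#!/bin/bash
+
+RELOAD_NGINX=0
+
+## Variables
+CSI="\033["
+CEND="${CSI}0m"
+CRED="${CSI}1;31m"
+CGREEN="${CSI}1;32m"
+CYELLOW="${CSI}1;33m"
+CBLUE="${CSI}1;34m"
+
+
+## Functions
+f_log() {
+LOG_TYPE=$1
+LOG_MESSAGE=$2
+
+case "${LOG_TYPE}" in
+"INF")
+echo -e "${CBLUE}[NOTICE] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"SUC")
+echo -e "${CGREEN}[SUCCESS] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"WRN")
+echo -e "${CYELLOW}[WARNING] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+"ERR")
+echo -e "${CRED}[ERROR] $(date +%Y/%m/%d-%H:%M:%S) ${LOG_MESSAGE}${CEND}"
+;;
+esac
+}
+
+f_check_certs() {
+LIST_DOMAINS=$(ls /etc/nginx/ssl/certificates | grep .crt | grep -v issuer | sed 's|.crt||g')
+
+for domain in ${LIST_DOMAINS}; do
+CERTFILE=/etc/nginx/ssl/certificates/${domain}.crt
+KEYFILE=/etc/nginx/ssl/certificates/${domain}.key
+
+SSL_ALGO="$(openssl x509 -text -in ${CERTFILE} | grep "Public Key Algorithm" | awk '{print $4}')"
+SSL_SIZE="$(openssl x509 -text -in ${CERTFILE} | grep "Public-Key" | sed 's/^.*(\(.*\) bit)$/\1/')"
+
+if [ "${SSL_ALGO}" == "rsaEncryption" ]; then
+SSL_TYPE="rsa${SSL_SIZE}"
+elif [ "${SSL_ALGO}" == "id-ecPublicKey" ]; then
+SSL_TYPE="ec${SSL_SIZE}"
+fi
+
+openssl x509 -checkend 864000 -noout -in "${CERTFILE}"
+if [ $? == 0 ]; then
+f_log INF "Certificate for ${domain} is good for another 10 days!"
+else
+f_log INF "Generate New Certificate for ${domain}"
+lego -a -m ssl@dryusdan.fr -d ${domain} --path /etc//nginx/ssl --webroot /var/www/letsencrypt/${domain} -k ${SSL_TYPE} run
+if [ -e ${CERTFILE} ]; then
+RELOAD_NGINX=1
+f_log INF "New Certificate for ${domain} generated"
+else
+f_log ERR "New Certificate for ${domain} not generated"
+fi
+fi
+done
+}
+
+f_check_certs
+
+cp -R /etc/nginx/ssl/certificates/xmpp.dryusdan.fr.* /etc/prosody/certs/
+systemctl restart prosody.service
+if [ ${RELOAD_NGINX} -eq 1 ]; then
+nginx -s reload
+fi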
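Review bot: The success test after the `lego` call, `if [ -e ${CERTFILE} ]; then`, cannot fail, because the loop only visits domains whose `.crt` file already exists; a failed renewal is therefore logged as "New Certificate for ... generated" and triggers an nginx reload while the expiring certificate stays in service. Test the outcome instead, for example by repeating the expiry check, `if openssl x509 -checkend 864000 -noout -in "${CERTFILE}"; then`, or by branching on lego's exit status. `SSL_TYPE` is also never reset inside the loop, so a certificate whose algorithm matches neither branch reuses the previous domain's key type or passes an empty `-k`; setting `SSL_TYPE=""` at the top of each iteration and logging ERR and skipping when it stays empty would surface that. The copy into `/etc/prosody/certs/` and the prosody restart at the end of the script run on every invocation, whether or not anything was renewed.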
