
check_certs.sh 2.1KB

  1. #!/bin/bash
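  # Set to 1 by f_check_certs when a certificate was re-issued, so that nginx
  # is reloaded once at the end of the run. Must stay writable.
  RELOAD_NGINX=0
  ## Variables
  # ANSI colour sequences used for log output. They are stored as literal
  # backslash text and only become escape characters when printed.
  # readonly keeps a later typo or a sourced file from silently changing them.
  readonly CSI='\033['
  readonly CEND="${CSI}0m"
  readonly CRED="${CSI}1;31m"
  readonly CGREEN="${CSI}1;32m"
  readonly CYELLOW="${CSI}1;33m"
  readonly CBLUE="${CSI}1;34m"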
  10. ## Functions
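  #######################################
  # Print one timestamped, colour-coded log line.
  # Globals:   CBLUE, CGREEN, CYELLOW, CRED, CEND (read)
  # Arguments: $1 - level: INF, SUC, WRN or ERR
  #            $2 - message text, printed literally
  # Outputs:   one line on stdout; nothing when the level is unknown
  # Returns:   0
  #######################################
  f_log() {
    local LOG_TYPE=$1
    local LOG_MESSAGE=$2
    local colour label stamp

    case "${LOG_TYPE}" in
      "INF") colour=${CBLUE} label="NOTICE" ;;
      "SUC") colour=${CGREEN} label="SUCCESS" ;;
      "WRN") colour=${CYELLOW} label="WARNING" ;;
      "ERR") colour=${CRED} label="ERROR" ;;
      *) return 0 ;;
    esac

    stamp=$(date +%Y/%m/%d-%H:%M:%S)
    # %b expands backslash escapes in the colour codes only. The message goes
    # through %s, so text derived from file names cannot smuggle escape
    # sequences into the terminal or the log.
    printf '%b[%s] %s %s%b\n' \
      "${colour}" "${label}" "${stamp}" "${LOG_MESSAGE}" "${CEND}"
  }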
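  #######################################
  # Check every leaf certificate in /etc/nginx/ssl/certificates and re-issue,
  # through lego, those that expire within the next 10 days (864000 seconds).
  # The new key keeps the algorithm and size of the certificate it replaces.
  # Globals:   RELOAD_NGINX (set to 1 when a certificate was re-issued)
  # Arguments: none
  # Outputs:   progress and error lines via f_log; openssl and lego output
  #######################################
  f_check_certs() {
    local cert_dir=/etc/nginx/ssl/certificates
    local certfile domain cert_text ssl_algo ssl_size ssl_type

    # Glob instead of parsing ls: names are never word-split, and only files
    # that really end in .crt are considered.
    for certfile in "${cert_dir}"/*.crt; do
      # An unmatched glob stays literal; skip it and anything that is not a file.
      [ -f "${certfile}" ] || continue

      domain=${certfile##*/}
      domain=${domain%.crt}

      # <domain>.issuer.crt holds the CA chain, not a leaf certificate.
      case "${domain}" in
        *.issuer) continue ;;
      esac

      # The name is passed to lego and used in a webroot path, so accept only
      # hostname characters and never a leading dash (option injection).
      case "${domain}" in
        '' | -* | *[!A-Za-z0-9._-]*)
          f_log WRN "Skipping unexpected certificate name ${certfile}"
          continue
          ;;
      esac

      if openssl x509 -checkend 864000 -noout -in "${certfile}"; then
        f_log INF "Certificate for ${domain} is good for another 10 days!"
        continue
      fi

      # Derive the lego key type from the current certificate. It is recomputed
      # for every domain so that a value left over from the previous iteration
      # can never be reused.
      ssl_type=
      if cert_text=$(openssl x509 -noout -text -in "${certfile}"); then
        ssl_algo=$(printf '%s\n' "${cert_text}" \
          | awk '/Public Key Algorithm/ {print $4; exit}')
        ssl_size=$(printf '%s\n' "${cert_text}" \
          | sed -n 's/^.*Public-Key: *(\([0-9][0-9]*\) bit).*$/\1/p' \
          | head -n 1)
        if [ -n "${ssl_size}" ]; then
          case "${ssl_algo}" in
            rsaEncryption) ssl_type="rsa${ssl_size}" ;;
            id-ecPublicKey) ssl_type="ec${ssl_size}" ;;
          esac
        fi
      fi
      if [ -z "${ssl_type}" ]; then
        f_log ERR "Cannot determine key type for ${domain}, not renewing"
        continue
      fi

      f_log INF "Generate New Certificate for ${domain}"
      # The certificate file already existed before this call, so its presence
      # proves nothing. Success means lego exited cleanly AND the file on disk
      # is now valid for more than 10 days.
      if lego -a -m ssl@dryusdan.fr -d "${domain}" --path /etc/nginx/ssl \
        --webroot "/var/www/letsencrypt/${domain}" -k "${ssl_type}" run \
        && openssl x509 -checkend 864000 -noout -in "${certfile}" >/dev/null; then
        RELOAD_NGINX=1
        f_log INF "New Certificate for ${domain} generated"
      else
        f_log ERR "New Certificate for ${domain} not generated"
      fi
    done
  }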
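  f_check_certs

  # Prosody uses the same certificate as nginx for the XMPP domain. Restart it
  # only when the copy succeeded, so a failed copy (for example no matching
  # file) does not bounce the service for nothing.
  # NOTE(review): the glob also copies the private key (.key). cp without -p
  # does not carry ownership over, so confirm that the key in
  # /etc/prosody/certs ends up readable by the prosody user only.
  # NOTE(review): prosody is restarted on every run, even when no certificate
  # changed; confirm that this is intended.
  if cp -R /etc/nginx/ssl/certificates/xmpp.dryusdan.fr.* /etc/prosody/certs/; then
    systemctl restart prosody.service \
      || f_log ERR "Restart of prosody.service failed"
  else
    f_log ERR "Copy of xmpp.dryusdan.fr certificate to /etc/prosody/certs/ failed"
  fi

  # Reload nginx once, and only if at least one certificate was re-issued.
  if [ "${RELOAD_NGINX}" -eq 1 ]; then
    nginx -s reload || f_log ERR "nginx reload failed"
  fi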