Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # info: update letsencrypt ssl certificates
- # options: NONE
- #
- # The function for renew letsencrypt expired ssl certificate for all users
- #----------------------------------------------------------#
- # Variable&Function #
- #----------------------------------------------------------#
- # Importing system enviroment as we run this script
- # mostly by cron wich not read it by itself
- source /etc/profile
- # Includes
- source $HESTIA/func/main.sh
- source $HESTIA/conf/hestia.conf
- #----------------------------------------------------------#
- # Action #
- #----------------------------------------------------------#
- # Set LE counter
- lecounter=0
- max_LE_failures=30
- # Checking user certificates
- for user in $($HESTIA/bin/v-list-sys-users plain); do
- USER_DATA=$HESTIA/data/users/$user
- for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
- domain_suspended="$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')"
- if [ "$domain_suspended" = "yes" ]; then
- continue
- fi
- fail_counter="$(get_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
- if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
- continue
- fi
- crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
- not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
- expiration=$(date -d "$not_after" +%s)
- now=$(date +%s)
- seconds_valid=$((expiration - now))
- days_valid=$((seconds_valid / 86400))
- if [[ "$days_valid" -lt 31 ]]; then
- if [ $lecounter -gt 0 ]; then
- sleep 10
- fi
- ((lecounter++))
- aliases=$(echo "$crt_data" |grep DNS:)
- aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
- aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
- aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
- aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
- # Source domain.conf
- source <(cat $HESTIA/data/users/$user/web.conf | grep "DOMAIN='$domain'")
- # Split aliases into array
- IFS=',' read -r -a ALIASES <<< "$ALIAS"
- # Loop through all crt aliases
- for alias in ${aliases//,/ } ; do
- # Validate if the alias still exists in web.conf
- if [[ " ${ALIASES[@]} " =~ " ${alias} " ]]; then
- f_aliases+="$alias,"
- fi
- done
- # Remove leading comma
- if [[ ${f_aliases: -1} = ',' ]] ; then f_aliases=${f_aliases::-1}; fi
- # Write the filtered alias list to the default var
- aliases=$f_aliases
- msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
- if [ $? -ne 0 ]; then
- log_event $E_INVALID "$domain $msg"
- if [ -z "$fail_counter" ]; then
- add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
- fi
- ((fail_counter++))
- update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
- fi
- fi
- done
- for domain in $(search_objects 'mail' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
- domain_suspended="$(get_object_value 'mail' 'DOMAIN' "$domain" '$SUSPENDED')"
- if [ "$domain_suspended" = "yes" ]; then
- continue
- fi
- fail_counter="$(get_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
- if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
- continue
- fi
- crt_data=$(openssl x509 -text -in $USER_DATA/ssl/mail.$domain.crt)
- not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
- expiration=$(date -d "$not_after" +%s)
- now=$(date +%s)
- seconds_valid=$((expiration - now))
- days_valid=$((seconds_valid / 86400))
- if [[ "$days_valid" -lt 31 ]]; then
- if [ $lecounter -gt 0 ]; then
- sleep 10
- fi
- ((lecounter++))
- msg=$($BIN/v-add-letsencrypt-domain $user $domain ' ' yes)
- if [ $? -ne 0 ]; then
- log_event $E_INVALID "$domain $msg"
- if [ -z "$fail_counter" ]; then
- add_object_key "mail" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
- fi
- ((fail_counter++))
- update_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
- fi
- fi
- done
- done
- #----------------------------------------------------------#
- # Hestia #
- #----------------------------------------------------------#
- # No Logging
- #log_event "$OK" "$EVENT"
- exit
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement