
Untitled

a guest
Sep 17th, 2020
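#!/bin/bash
# info: update letsencrypt ssl certificates
# options: NONE
#
# Walks every system user and, for each web and mail domain that has
# LETSENCRYPT set to 'yes', requests a new certificate once the current one
# has fewer than $renew_before_days days of validity left. Suspended domains
# and domains whose failure counter exceeds $max_LE_failures are skipped.


#----------------------------------------------------------#
#                    Variable&Function                     #
#----------------------------------------------------------#

# Import the system environment: this script is mostly run by cron,
# which does not read /etc/profile by itself.
source /etc/profile

# Without HESTIA every path below would resolve relative to "/", so stop
# early instead of sourcing whatever happens to live at /func/main.sh.
if [ -z "$HESTIA" ]; then
    echo "Error: HESTIA is not set" >&2
    exit 1
fi

# Includes
source "$HESTIA/func/main.sh"
source "$HESTIA/conf/hestia.conf"

# Print the number of whole days until the certificate expires.
# Arguments: $1 - output of `openssl x509 -text` for the certificate
# Outputs:   integer day count on stdout; 0 when no usable "Not After" date
#            is found, so an unreadable or missing certificate is treated as
#            due for renewal (the retry cap still bounds repeated attempts).
_le_days_valid() {
    local crt_text=$1
    local not_after expiration now

    not_after=$(printf '%s\n' "$crt_text" | grep -m1 'Not After' | cut -f 2,3,4 -d :)
    if [ -z "$not_after" ] || ! expiration=$(date -d "$not_after" +%s); then
        echo 0
        return
    fi
    now=$(date +%s)
    echo $(( (expiration - now) / 86400 ))
}


#----------------------------------------------------------#
#                       Action                             #
#----------------------------------------------------------#

# Number of issuance attempts made so far in this run
lecounter=0
# Domains with more recorded failures than this are no longer retried
max_LE_failures=30
# Renew when fewer than this many days of validity remain
renew_before_days=31

# Checking user certificates.
# The command substitutions below are word-split on purpose: the listing
# helpers are expected to print one whitespace-free name per word.
for user in $("$HESTIA/bin/v-list-sys-users" plain); do
    USER_DATA=$HESTIA/data/users/$user

    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do

        domain_suspended="$(get_object_value 'web' 'DOMAIN' "$domain" '$SUSPENDED')"
        if [ "$domain_suspended" = "yes" ]; then
            continue
        fi

        # An empty counter compares as 0 inside [[ ]]
        fail_counter="$(get_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
        if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
            continue
        fi

        crt_data=$(openssl x509 -text -in "$USER_DATA/ssl/$domain.crt")
        days_valid=$(_le_days_valid "$crt_data")
        if [[ "$days_valid" -lt "$renew_before_days" ]]; then
            # Pause between consecutive issuance attempts
            if [ "$lecounter" -gt 0 ]; then
                sleep 10
            fi
            ((lecounter++))

            # Names listed in the certificate's DNS: entries, one per line,
            # without the primary domain. The domain is matched as a fixed
            # whole-line string so the dots in it are not regex wildcards.
            crt_aliases=$(printf '%s\n' "$crt_data" \
                | grep 'DNS:' \
                | sed -e 's/DNS://g' -e 's/,//g' \
                | tr ' ' '\n' \
                | sed '/^$/d' \
                | grep -Fxv -- "$domain")

            # Load this domain's web.conf entry to obtain $ALIAS.
            # NOTE(review): this runs the matching web.conf line(s) as shell
            # code with this script's privileges, so web.conf must only be
            # writable by trusted accounts; parsing ALIAS as data would be
            # safer. ALIAS is cleared first so a line that does not match
            # cannot leave the previous domain's aliases in place.
            ALIAS=''
            source <(grep -F -- "DOMAIN='$domain'" "$HESTIA/data/users/$user/web.conf")

            # Split the configured aliases into an array
            IFS=',' read -r -a ALIASES <<< "$ALIAS"

            # Keep only certificate names that are still configured in
            # web.conf. The list is rebuilt from empty for every domain;
            # otherwise names kept for one domain would be carried into the
            # certificate request of the next one.
            f_aliases=''
            while IFS= read -r alias; do
                if [ -z "$alias" ]; then
                    continue
                fi
                for known_alias in "${ALIASES[@]}"; do
                    if [ "$known_alias" = "$alias" ]; then
                        f_aliases+="${f_aliases:+,}$alias"
                        break
                    fi
                done
            done <<< "$crt_aliases"

            # Write the filtered, comma-separated alias list to the default var
            aliases=$f_aliases

            # The alias argument is omitted entirely when no alias is left
            le_args=("$user" "$domain")
            if [ -n "$aliases" ]; then
                le_args+=("$aliases")
            fi

            if ! msg=$("$BIN/v-add-letsencrypt-domain" "${le_args[@]}"); then
                log_event "$E_INVALID" "$domain $msg"
                # Create the counter key the first time a failure is recorded
                if [ -z "$fail_counter" ]; then
                    add_object_key "web" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
                fi
                ((fail_counter++))
                update_object_value 'web' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
            fi
        fi
    done

    for domain in $(search_objects 'mail' 'LETSENCRYPT' 'yes' 'DOMAIN'); do

        domain_suspended="$(get_object_value 'mail' 'DOMAIN' "$domain" '$SUSPENDED')"
        if [ "$domain_suspended" = "yes" ]; then
            continue
        fi

        # An empty counter compares as 0 inside [[ ]]
        fail_counter="$(get_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT')"
        if [[ "$fail_counter" -gt "$max_LE_failures" ]]; then
            continue
        fi

        crt_data=$(openssl x509 -text -in "$USER_DATA/ssl/mail.$domain.crt")
        days_valid=$(_le_days_valid "$crt_data")
        if [[ "$days_valid" -lt "$renew_before_days" ]]; then
            # Pause between consecutive issuance attempts
            if [ "$lecounter" -gt 0 ]; then
                sleep 10
            fi
            ((lecounter++))

            # Mail certificates are requested with a blank alias argument
            # and 'yes' as the fourth argument
            if ! msg=$("$BIN/v-add-letsencrypt-domain" "$user" "$domain" ' ' yes); then
                log_event "$E_INVALID" "$domain $msg"
                # Create the counter key the first time a failure is recorded
                if [ -z "$fail_counter" ]; then
                    add_object_key "mail" 'DOMAIN' "$domain" 'LETSENCRYPT_FAIL_COUNT' 'LETSENCRYPT'
                fi
                ((fail_counter++))
                update_object_value 'mail' 'DOMAIN' "$domain" '$LETSENCRYPT_FAIL_COUNT' "$fail_counter"
            fi
        fi
    done

done

#----------------------------------------------------------#
#                        Hestia                            #
#----------------------------------------------------------#

# No Logging
#log_event "$OK" "$EVENT"

exit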