|
@@ -1,22 +1,10 @@
|
1
|
1
|
#!/bin/bash
|
2
|
2
|
set -o errexit
|
3
|
3
|
# Renew all live certificates with LetsEncrypt. This needs to run at least
|
4
|
|
-# once every three months.
|
|
4
|
+# once every three months, but recommanded frequency is once a day.
|
5
|
5
|
|
6
|
|
-# Given a certificate file returns "domain1,domain2"
|
7
|
|
-# https://community.letsencrypt.org/t/help-me-understand-renewal-config/7115
|
8
|
|
-function getDomains() {
|
9
|
|
- openssl x509 -text -in "$1" |
|
10
|
|
- grep -A1 "Subject Alternative Name:" | tail -n1 |
|
11
|
|
- tr -d ' ' | tr -d 'DNS:'
|
12
|
|
-}
|
13
|
|
-
|
14
|
|
-service apache2 stop
|
15
|
|
-for c in $(find /etc/letsencrypt/live/ -mindepth 1 -type d); do
|
16
|
|
- domains=$(getDomains "$c"/cert.pem)
|
17
|
|
- /root/letsencrypt/letsencrypt-auto --renew certonly -c /etc/letsencrypt/cli.conf --domains=$domains
|
18
|
|
-done
|
19
|
|
-service apache2 start
|
|
6
|
+/root/letsencrypt/letsencrypt-auto renew --pre-hook="service apache2 stop" --post-hook="service apache2 start" \
|
|
7
|
+ -c /etc/letsencrypt/cli.conf
|
20
|
8
|
|
21
|
9
|
# Services that rely on LE certificates may need restarted and/or other actions.
|
22
|
10
|
for script in $(find /etc/letsencrypt/postrenew/ -maxdepth 1 -type f -executable); do
|
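Review bot: With the header comment now recommending a daily run, the `for script in $(find /etc/letsencrypt/postrenew/ ...)` loop kept as context at the end of this hunk executes every script on each invocation, whether or not `renew` actually replaced a certificate. Services that depend on the certificates would therefore be restarted every day, presumably as root, with nothing having changed. Since the new command already relies on hooks, the post-renew scripts could be tied to a successful renewal through certbot's `--renew-hook` (called `--deploy-hook` in later releases); check which one the installed letsencrypt-auto accepts. Under `set -o errexit` a failed `renew` exits before the loop, which looks intended but deserves a comment such as `# errexit: post-renew scripts are skipped when renewal fails`. The loop body lies outside the hunk, and the added comment has a typo: `recommanded` should be `recommended`.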