From 4611ce5407d0882e15d2e15856d6b2184261feca Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Tue, 23 Feb 2016 09:57:01 +0000 Subject: [PATCH] bin/reissue: New script to reissue certificates before they expire. --- bin/reissue | 18 ++++++++++++++++++ config.sh | 1 + 2 files changed, 19 insertions(+) create mode 100755 bin/reissue diff --git a/bin/reissue b/bin/reissue new file mode 100755 index 0000000..32301ef --- /dev/null +++ b/bin/reissue @@ -0,0 +1,18 @@ +#! /bin/sh +set -e +usage="" +. "${0%/*}/../config.sh" +. "$home/lib/lib.sh" + +run_as_user "$@" + +case $# in 0) ;; *) fail_usage ;; esac + +myrc=0 +for tagdir in $home/cert/*; do + tag=${tagdir##*/} cert=$tagdir/full-chain + if openssl x509 -in "$cert" -noout -checkend $certlife; then continue; fi + set +e; $home/bin/make-cert "$tag"; rc=$?; set -e + case $? in 0) ;; *) myrc=$rc ;; esac +done +exit $myrc diff --git a/config.sh b/config.sh index ab184af..d574050 100644 --- a/config.sh +++ b/config.sh @@ -1,3 +1,4 @@ ### -*-sh-*- user=letsencrypt home=$(getent passwd $user | cut -d: -f6) +certlife=$(( 28*86400 )) -- 2.11.0