letsencrypt-renew

#!/usr/bin/env bash
##
## letsencrypt-renew
##
## This script requests new certificates for each domain present in the live
## directory.
##
## Source: https://flippingbinary.com
##
## Copyright 2017 Jonathan Musselwhite
##
## Permission is hereby granted, free of charge, to any person obtaining a copy
## of this software and associated documentation files (the "Software"), to
## deal in the Software without restriction, including without limitation the
## rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
## sell copies of the Software, and to permit persons to whom the Software is
## furnished to do so, subject to the following conditions:
##
## The above copyright notice and this permission notice shall be included in
## all copies or substantial portions of the Software.
##
## THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
## IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
## FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
## AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
## LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
## OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
## THE SOFTWARE.
##
###

###### CHECK SETTINGS ######
MAIN_DIR=/etc/ssl/letsencrypt
###### CHECK SETTINGS ######
[ -f /etc/default/letsencrypt-tlsa ] && . /etc/default/letsencrypt-tlsa

# Attempt to renew every certificate in live directory which expires in less
# than three weeks.
for file in "${MAIN_DIR}/live"/*; do
  if ! openssl x509 -checkend 2592000 -noout -in ${file}/cert.pem
  then
    /usr/local/sbin/letsencrypt-request $(basename $file)
    /usr/local/sbin/letsencrypt-install $(basename $file)
  fi
  if ! openssl x509 -checkend 2592000 -noout -in ${file}/cert.pem
  then
    echo "Certificate renewal failed! Check status of $(basename $file)!"
  fi
done