v-update-letsencrypt-ssl 3.7 KB

  1. #!/bin/bash
  2. # info: update letsencrypt ssl certificates
  3. # options: NONE
  4. #
  5. # The function renews expired letsencrypt ssl certificates for all users
  6. #----------------------------------------------------------#
  7. # Variable&Function #
  8. #----------------------------------------------------------#
  9. # Importing the system environment, as this script is run
  10. # mostly by cron, which does not read it by itself
  11. source /etc/profile
  12. # Includes
  13. source $VESTA/func/main.sh
  14. source $VESTA/conf/vesta.conf
  15. #----------------------------------------------------------#
  16. # Action #
  17. #----------------------------------------------------------#
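  # Walk every user's web domains that have LETSENCRYPT=yes and renew each
  # certificate that is valid for fewer than 31 days. Failures are counted per
  # domain; a domain with 7 or more recorded failures is skipped. The server's
  # own hostname gets one extra attempt at exactly 7 failures, and the admin is
  # e-mailed once the hostname's counter reaches 8.
  #
  # Globals read:    VESTA, BIN (set by the sourced Vesta files / environment)
  # Globals written: USER_DATA (presumably consumed by search_objects - confirm
  #                  in func/main.sh)
  lecounter=0
  hostname=$(hostname)
  le_log=/usr/local/vesta/log/letsencrypt_cron.log

  # Append one timestamped line to the Let's Encrypt cron log.
  le_cron_log() {
    printf '[%s] : %s\n' "$(date)" "$*" >> "$le_log"
  }

  le_cron_log "-----------------------------------------------------------------------------------"

  # Checking user certificates
  for user in $("$BIN/v-list-users" plain | cut -f 1); do
    USER_DATA=$VESTA/data/users/$user
    for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
      limit_check=1
      fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')

      if [[ "$hostname" = "$domain" ]]; then
        # The hostname certificate is allowed one more try at 7 failures.
        if [[ "$fail_counter" -eq 7 ]]; then
          limit_check=0
        fi
        # At 8 the counter is bumped again (so this branch fires only once)
        # and the admin is notified.
        if [[ "$fail_counter" -eq 8 ]]; then
          fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
          send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
        fi
      fi

      if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
        le_cron_log "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
        continue
      fi

      # Quote the path: the original passed it unquoted, so a value with
      # whitespace or glob characters would have been split or expanded.
      crt_file=$USER_DATA/ssl/$domain.crt
      if ! crt_data=$(openssl x509 -text -in "$crt_file"); then
        # Without this check an unreadable certificate produced an empty
        # "Not After", which `date -d ""` turns into today's midnight, so the
        # domain was re-issued with every alias silently dropped.
        le_cron_log "$domain certificate $crt_file could not be parsed, skipping"
        continue
      fi

      not_after=$(printf '%s\n' "$crt_data" | grep "Not After" | cut -f 2,3,4 -d :)
      if [[ -z "$not_after" ]] || ! expiration=$(date -d "$not_after" +%s); then
        le_cron_log "$domain certificate $crt_file has no usable expiry date, skipping"
        continue
      fi
      now=$(date +%s)
      seconds_valid=$((expiration - now))
      days_valid=$((seconds_valid / 86400))

      if [[ "$days_valid" -lt 31 ]]; then
        # Space consecutive requests two minutes apart.
        if [[ "$lecounter" -gt 0 ]]; then
          sleep 120
        fi
        lecounter=$((lecounter + 1))

        # Rebuild the alias list from the certificate's DNS: entries, minus
        # the primary domain, joined with commas. The primary domain is
        # removed by exact fixed-string match rather than being interpolated
        # into a regex, where its dots would match any character.
        aliases=$(printf '%s\n' "$crt_data" \
          | grep 'DNS:' \
          | sed -e 's/DNS://g' -e 's/,//g' \
          | tr ' ' '\n' \
          | sed '/^$/d' \
          | grep -Fxv -- "$domain" \
          | paste -sd, -)

        # Build argv as an array: an empty alias list adds no argument (as
        # before), and a wildcard SAN such as *.example.com is no longer
        # subject to pathname expansion.
        le_args=("$user" "$domain")
        if [[ -n "$aliases" ]]; then
          le_args+=("$aliases")
        fi

        if ! msg=$("$BIN/v-add-letsencrypt-domain" "${le_args[@]}"); then
          if [[ $msg == *"is suspended" ]]; then
            # Suspended domains are logged but not counted as failures.
            le_cron_log "SUSPENDED: $domain $msg"
          else
            le_cron_log "$domain $msg"
            # Also printed on stdout (with cron this normally ends up in the
            # job's mail).
            echo "$domain $msg"
            fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
            le_cron_log "fail_counter = $fail_counter"
            echo "fail_counter = $fail_counter"
          fi
        fi
      fi
    done
  done

  #----------------------------------------------------------#
  #                        Vesta                             #
  #----------------------------------------------------------#

  # No Logging
  #log_event "$OK" "$EVENT"

  exit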