# cat crt-update.sh #! /bin/sh # Let's Encrypt Certificate renewal script for FreeBSD and acme-client # Copyright (C) by seirios@seirios.org # # Usage: crt-upd.sh [target domains...] ############################################################################### : ${DEBUG:=0} : ${FORCE:=0} ACME_BASE=/home/seirios/htdocs/acme OPTS="-bnN" DOPTS=""; [ ${DEBUG} -ne 0 ] && DOPTS="-v" FOPTS=""; [ ${FORCE} -ne 0 ] && FOPTS="-F" ACCKEY=${ACME_BASE}/SSL/privkey.pem SSL=${ACME_BASE}/SSL CHALLENGE=${ACME_BASE}/WWW DOMAINSFILE=${ACME_BASE}/domains.txt UID=`id -u` [ ${UID} -ne 0 ] && echo "Must run on root/UID=0" && exit if [ ${DEBUG} -ne 0 ]; then ECHO="/bin/echo" else ECHO="" fi if [ ${#} -eq 0 ]; then DOMAINS=`cat "${DOMAINSFILE}" | sed 's/[#|].*$//' | while read DOMAIN line ; do echo -n "${DOMAIN} " done` else DOMAINS=${@} fi [ ${DEBUG} -ne 0 ] && /bin/echo "Target domain: ${DOMAINS}" for i in ${DOMAINS}; do echo "Getting ${i} Certificates" DOMKEY=/home/seirios/htdocs/acme/SSL/$i/privkey.pem [ ! -d ${SSL}/${i} ] && ${ECHO} mkdir ${SSL}/${i} [ ! -d ${CHALLENGE}/${i} ] && ${ECHO} mkdir ${CHALLENGE}/${i} ${ECHO} acme-client ${OPTS} ${DOPTS} ${FOPTS} -k ${DOMKEY} -f ${ACCKEY} -C ${CHALLENGE}/${i} -c ${SSL}/${i} ${i} case $? in 0) echo "${i} is updated" ;; 1) echo "${i} is troubled" ;; 2) echo "${i} is not need to update" ;; esac done ############################################################################### # # Settings. # Requirement: FreeBSD and acme-client # # ToDo # - Change DEBUG/FORCE controll from environment variable to command # line options. # # Version History # # ver: 0.1 Initial revision. # 0.2 Add DEBUG initializer and FORCE initializer. # Display acme-client status. # ex. DEBUG=1 FORCE=1 crt-upd.sh #