Check expire date of existing certs

author Martin Geiseler <hallo@tralafiti.de>

Sun, 6 Dec 2015 12:51:40 +0000 (13:51 +0100)

committer Lukas Schauer <lukas@schauer.so>

Sun, 6 Dec 2015 14:16:36 +0000 (15:16 +0100)
author Martin Geiseler <hallo@tralafiti.de>
Sun, 6 Dec 2015 12:51:40 +0000 (13:51 +0100)
committer Lukas Schauer <lukas@schauer.so>
Sun, 6 Dec 2015 14:16:36 +0000 (15:16 +0100)
diff --git a/letsencrypt.sh b/letsencrypt.sh

index e822df96cbc2da645c9ed365e32f379eb18f10ea..410d59cb008fccea1de5bf773e6cce05c7765efd 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -184,7 +184,18 @@ if [[ "${register}" = "1" ]]; then
    signed_request "${CA}/acme/new-reg" '{"resource": "new-reg", "agreement": "'"$LICENSE"'"}' > /dev/null
  fi
  
-# Generate certificates for all domains found in domain.txt (TODO: check if certificate already exists and is about to expire)
+# Generate certificates for all domains found in domain.txt. Check if existing certificate are about to expire
  <domains.txt sed 's/^\s*//g;s/\s*$//g' | grep -v '^#' | grep -v '^$' | while read -r line; do
+  domain="$(echo $line | cut -d' ' -f1)"
+  if [[ -e "certs/${domain}/cert.pem" ]]; then
+    echo -n "Found existing cert for ${domain}. Expire date ..."
+    set +e; openssl x509 -checkend 1209600 -noout -in "certs/${domain}/cert.pem"; expiring=$?; set -e
+    if [[ ${expiring} -eq 0 ]]; then
+        echo " is not within 2 weeks. Skipping"
+        continue
+    fi
+    echo " is within 2 weeks. Renewing..."
+  fi
+
    sign_domain $line
  done
author	Martin Geiseler <hallo@tralafiti.de>
	Sun, 6 Dec 2015 12:51:40 +0000 (13:51 +0100)
committer	Lukas Schauer <lukas@schauer.so>
	Sun, 6 Dec 2015 14:16:36 +0000 (15:16 +0100)