mirror of
https://github.com/myvesta/vesta.git
synced 2024-11-20 20:40:08 -08:00
100 lines
4.0 KiB
Bash
Executable File
100 lines
4.0 KiB
Bash
Executable File
#!/bin/bash
|
|
# info: update letsencrypt ssl certificates
|
|
# options: NONE
|
|
#
|
|
# The function for renew letsencrypt expired ssl certificate for all users
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Variable&Function #
|
|
#----------------------------------------------------------#
|
|
|
|
# Importing system enviroment as we run this script
|
|
# mostly by cron wich not read it by itself
|
|
source /etc/profile
|
|
|
|
# Includes
|
|
source $VESTA/func/main.sh
|
|
source $VESTA/conf/vesta.conf
|
|
|
|
|
|
#----------------------------------------------------------#
|
|
# Action #
|
|
#----------------------------------------------------------#
|
|
|
|
lecounter=0
|
|
hostname=$(hostname)
|
|
|
|
echo "[$(date)] : -----------------------------------------------------------------------------------" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
|
|
# Checking user certificates
|
|
for user in $($BIN/v-list-users plain |cut -f 1); do
|
|
USER_DATA=$VESTA/data/users/$user
|
|
|
|
for domain in $(search_objects 'web' 'LETSENCRYPT' 'yes' 'DOMAIN'); do
|
|
|
|
limit_check=1
|
|
fail_counter=$(get_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
|
|
|
# proxy_tpl=$(/usr/local/vesta/bin/v-list-web-domain "$user" "$domain" "shell" | grep 'PROXY:' | cut -d ' ' -f11-)
|
|
# if [ "$proxy_tpl" = "forward" ]; then
|
|
# echo "[$(date)] : $domain is using forward proxy, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
# continue;
|
|
# fi
|
|
|
|
if [[ "$hostname" = "$domain" ]]; then
|
|
if [[ "$fail_counter" -eq 7 ]]; then
|
|
limit_check=0
|
|
fi
|
|
if [[ "$fail_counter" -eq 8 ]]; then
|
|
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
|
send_email_to_admin "LetsEncrypt renewing hostname $hostname" "Warning: hostname $domain failed for LetsEncrypt renewing"
|
|
fi
|
|
fi
|
|
|
|
if [[ "$fail_counter" -ge 7 ]] && [[ "$limit_check" -eq 1 ]]; then
|
|
# echo "$domain failed $fail_counter times for LetsEncrypt renewing, skipping"
|
|
echo "[$(date)] : $domain failed $fail_counter times for LetsEncrypt renewing, skipping" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
continue;
|
|
fi
|
|
crt_data=$(openssl x509 -text -in $USER_DATA/ssl/$domain.crt)
|
|
not_after=$(echo "$crt_data" |grep "Not After" |cut -f 2,3,4 -d :)
|
|
expiration=$(date -d "$not_after" +%s)
|
|
now=$(date +%s)
|
|
seconds_valid=$((expiration - now))
|
|
days_valid=$((seconds_valid / 86400))
|
|
if [[ "$days_valid" -lt 31 ]]; then
|
|
if [ $lecounter -gt 0 ]; then
|
|
sleep 120
|
|
fi
|
|
((lecounter++))
|
|
aliases=$(echo "$crt_data" |grep DNS:)
|
|
aliases=$(echo "$aliases" |sed -e "s/DNS://g" -e "s/,//g")
|
|
aliases=$(echo "$aliases" |tr ' ' '\n' |sed "/^$/d")
|
|
aliases=$(echo "$aliases" |egrep -v "^$domain,?$")
|
|
aliases=$(echo "$aliases" |sed -e ':a;N;$!ba;s/\n/,/g')
|
|
msg=$($BIN/v-add-letsencrypt-domain $user $domain $aliases)
|
|
if [ $? -ne 0 ]; then
|
|
if [[ $msg == *"is suspended" ]]; then
|
|
echo "[$(date)] : SUSPENDED: $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
else
|
|
echo "[$(date)] : $domain $msg" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
echo "$domain $msg"
|
|
fail_counter=$(alter_web_counter "$user" "$domain" 'LETSENCRYPT_FAIL_COUNT')
|
|
echo "[$(date)] : fail_counter = $fail_counter" >> /usr/local/vesta/log/letsencrypt_cron.log
|
|
echo "fail_counter = $fail_counter"
|
|
fi
|
|
fi
|
|
fi
|
|
done
|
|
done
|
|
|
|
#----------------------------------------------------------#
|
|
# Vesta #
|
|
#----------------------------------------------------------#
|
|
|
|
# No Logging
|
|
#log_event "$OK" "$EVENT"
|
|
|
|
exit
|