forked from Yannik/qnap-letsencrypt
renew_certificate.sh
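#!/bin/bash
# Renew the Let's Encrypt certificate for this host and install it for stunnel.
#
# Flow: exit early if the current certificate stays valid beyond the renewal
# window; otherwise request a certificate through the webroot challenge,
# stop stunnel, install key+cert and chain under /etc/stunnel, then start
# stunnel and restart Qthttpd.
set -e
export PATH="/opt/QPython2/bin:$PATH"

# VARIABLES, replace these with your own.
DOMAIN="www.example.com"
EMAIL="user@example.com"
DIR="$(cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
###########################################

# Renewal window handed to `openssl x509 -checkend`, in seconds.
# 864000 s is 10 days (10*24*60*60); a 30-day window would be 2592000.
RENEW_WINDOW_SECONDS=864000

# Anchor every certificate path at the script directory. letsencrypt is told
# to use "$DIR/letsencrypt", so checking a path relative to the caller's
# working directory (e.g. when started from cron) would miss the existing
# certificate and request a new one on every run.
LIVE_DIR="$DIR/letsencrypt/live/$DOMAIN"

echo "DOMAIN = $DOMAIN"
echo "EMAIL = $EMAIL"
echo "DIR = $DIR"

# Do nothing if the certificate is still valid past the renewal window.
echo "Checking whether to renew certificate on $(date -R)"
if [ -s "$LIVE_DIR/cert.pem" ] \
  && openssl x509 -noout -in "$LIVE_DIR/cert.pem" -checkend "$RENEW_WINDOW_SECONDS"; then
  exit 0
fi

echo "Running letsencrypt, Getting/Renewing certificate..."
# Domain changed (e.g. aaa.com => bbb.com)? Add "--force-renewal" to the
# command below.
letsencrypt certonly --rsa-key-size 4096 --renew-by-default --webroot \
  --webroot-path "/share/Web/" -d "$DOMAIN" -t --agree-tos \
  --email "$EMAIL" --config-dir "$DIR/letsencrypt"
echo "...Success!"

# Verify the new material before touching the running service, so a missing
# or empty file cannot leave stunnel stopped with a broken certificate.
for pem in privkey.pem cert.pem chain.pem; do
  if [ ! -s "$LIVE_DIR/$pem" ]; then
    echo "ERROR: $LIVE_DIR/$pem is missing or empty; stunnel left untouched." >&2
    exit 1
  fi
done

echo "Stopping stunnel and setting new stunnel certificates..."
/etc/init.d/stunnel.sh stop
echo "live directory = $LIVE_DIR"

# stunnel.pem holds the private key. An existing file keeps its current mode;
# the restrictive umask only ensures that a freshly created file is not
# readable by group or others.
# NOTE(review): confirm the mode of an already existing
# /etc/stunnel/stunnel.pem on the device; it is not changed here.
(
  umask 077
  cat "$LIVE_DIR/privkey.pem" "$LIVE_DIR/cert.pem" > /etc/stunnel/stunnel.pem
)
cp "$LIVE_DIR/chain.pem" /etc/stunnel/uca.pem

echo "Done! Service startup and cleanup will follow now..."
/etc/init.d/stunnel.sh start
/etc/init.d/Qthttpd.sh restart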