fuadarradhi · August 16, 2023 15:44
diff --git a/le-renew-haproxy b/le-renew-haproxy
 #!/bin/bash

 web_service='haproxy'
 config_file='/usr/local/etc/le-renew-haproxy.ini'
 http_01_port='54321'
 combined_file="/etc/haproxy/certs/$(domain).pem"

 le_path='/opt/letsencrypt'
 exp_limit=30;

 if [ ! -f $config_file ]; then
        echo "[ERROR] config file does not exist: $config_file"
        exit 1;
 fi

 domain=`grep "^\s*domains" $config_file | sed "s/^\s*domains\s*=\s*//" | sed 's/(\s*)\|,.*$//'`
 cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
 key_file="/etc/letsencrypt/live/$domain/privkey.pem"

 if [ ! -f $cert_file ]; then
 	echo "[ERROR] certificate file not found for domain $domain."
 fi

 exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
 datenow=$(date -d "now" +%s)
 days_exp=$(echo \( $exp - $datenow \) / 86400 |bc)

 echo "Checking expiration date for $domain..."

 if [ "$days_exp" -gt "$exp_limit" ] ; then
 	echo "The certificate is up to date, no need for renewal ($days_exp days left)."
 	exit 0;
 else
 	echo "The certificate for $domain is about to expire soon. Starting webroot renewal script..."
 	$le_path/letsencrypt-auto certonly --agree-tos --renew-by-default --config $config_file --http-01-port $http_01_port

 	echo "Creating $combined_file with latest certs..."
 	sudo bash -c "cat /etc/letsencrypt/live/$domain/fullchain.pem /etc/letsencrypt/live/$domain/privkey.pem > $combined_file"

 	echo "Reloading $web_service"
 	/usr/sbin/service $web_service reload
 	echo "Renewal process finished for domain $domain"
 	exit 0;
 fi
diff --git a/le-renew-haproxy.ini b/le-renew-haproxy.ini
 # This is an example of the kind of things you can do in a configuration file.
 # All flags used by the client can be configured here. Run Let's Encrypt with
 # "--help" to learn more about the available options.

 # Use a 4096 bit RSA key instead of 2048
 rsa-key-size = 4096

 # Uncomment and update to register with the specified e-mail address
 email = you@example.com

 # Uncomment and update to generate certificates for the specified
 # domains.
 domains = example.com, www.example.com

 # Uncomment to use a text interface instead of ncurses
 # text = True

 # Uncomment to use the standalone authenticator on port 443
 # authenticator = standalone
 standalone-supported-challenges = http-01

 # Uncomment to use the webroot authenticator. Replace webroot-path with the
 # path to the public_html / webroot folder being served by your web server.
 # authenticator = webroot
 # webroot-path = /usr/share/nginx/html
	#!/bin/bash

	web_service='haproxy'
	config_file='/usr/local/etc/le-renew-haproxy.ini'
	http_01_port='54321'
	combined_file="/etc/haproxy/certs/$(domain).pem"

	le_path='/opt/letsencrypt'
	exp_limit=30;

	if [ ! -f $config_file ]; then
	echo "[ERROR] config file does not exist: $config_file"
	exit 1;
	fi

	domain=`grep "^\sdomains" $config_file \| sed "s/^\sdomains\s=\s//" \| sed 's/(\s)\\|,.$//'`
	cert_file="/etc/letsencrypt/live/$domain/fullchain.pem"
	key_file="/etc/letsencrypt/live/$domain/privkey.pem"

	if [ ! -f $cert_file ]; then
	echo "[ERROR] certificate file not found for domain $domain."
	fi

	exp=$(date -d "`openssl x509 -in $cert_file -text -noout\|grep "Not After"\|cut -c 25-`" +%s)
	datenow=$(date -d "now" +%s)
	days_exp=$(echo \( $exp - $datenow \) / 86400 \|bc)

	echo "Checking expiration date for $domain..."

	if [ "$days_exp" -gt "$exp_limit" ] ; then
	echo "The certificate is up to date, no need for renewal ($days_exp days left)."
	exit 0;
	else
	echo "The certificate for $domain is about to expire soon. Starting webroot renewal script..."
	$le_path/letsencrypt-auto certonly --agree-tos --renew-by-default --config $config_file --http-01-port $http_01_port

	echo "Creating $combined_file with latest certs..."
	sudo bash -c "cat /etc/letsencrypt/live/$domain/fullchain.pem /etc/letsencrypt/live/$domain/privkey.pem > $combined_file"

	echo "Reloading $web_service"
	/usr/sbin/service $web_service reload
	echo "Renewal process finished for domain $domain"
	exit 0;
	fi
	# This is an example of the kind of things you can do in a configuration file.
	# All flags used by the client can be configured here. Run Let's Encrypt with
	# "--help" to learn more about the available options.

	# Use a 4096 bit RSA key instead of 2048
	rsa-key-size = 4096

	# Uncomment and update to register with the specified e-mail address
	email = you@example.com

	# Uncomment and update to generate certificates for the specified
	# domains.
	domains = example.com, www.example.com

	# Uncomment to use a text interface instead of ncurses
	# text = True

	# Uncomment to use the standalone authenticator on port 443
	# authenticator = standalone
	standalone-supported-challenges = http-01

	# Uncomment to use the webroot authenticator. Replace webroot-path with the
	# path to the public_html / webroot folder being served by your web server.
	# authenticator = webroot
	# webroot-path = /usr/share/nginx/html