bib2html.py: Add incollection bibtype

[shutils.git] / letsencrypt / renewal.sh

#!/bin/sh

set -e

LOGFILE=/var/log/letsencrypt.log

echo "Running on $(date)..." >> ${LOGFILE}

# Check if we have a web server running.
PORT80=$(lsof -ti :80 | wc -l)

# If no web server then start one and open port 80.
if [ $PORT80 = 0 ]; then
  cd /var/www/challenges
  nohup python3 -m http.server 80 > /dev/null 2>&1 &
  #/usr/sbin/iptables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  #/usr/sbin/ip6tables -A INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
fi


cd /etc/ssl/letsencrypt

SUCCESS=0

# Get a updated certificate.
for i in `seq 1 3`; do
  if acme-tiny --account-key account.key --csr domain.csr --acme-dir /var/www/challenges \
       > signed_new.crt 2>> ${LOGFILE}
  then

    wget -q -O chain_new.pem https://letsencrypt.org/certs/lets-encrypt-r3.pem

    # Check that the cert is valid.
    if openssl verify -CAfile chain_new.pem signed_new.crt; then
      mv -f chain_new.pem chain.pem
      mv -f signed_new.crt signed.crt
      cat signed.crt chain.pem > fullchain.pem

      SUCCESS=1
      echo ""
      echo "[Success] Acme tiny successfully renewed certificate." | tee -a ${LOGFILE}
      echo ""

      # Reload services
      for serv in apache nginx dovecot postfix; do
        systemctl is-active --quiet ${serv} && systemctl reload ${serv}
      done

      # No more retries
      break
    else
      echo "[Error] Verification of obtained cert failed." | tee -a ${LOGFILE} >&2
    fi
  else
    # Sleep for max 999 seconds, then try again.
    sleep `tr -cd 0-9 < /dev/urandom | head -c 3`
  fi
done

if [ ${SUCCESS} = 0 ]; then
    echo "[Error] Reached max number of retry attempts." | tee -a ${LOGFILE} >&2
fi


# Stop temp web server and close port 80 if needed.
if [ $PORT80 = 0 ]; then
  #/usr/sbin/iptables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  #/usr/sbin/ip6tables -D INPUT -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
  pkill -f http.server
fi