-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathcertcheck
31 lines (25 loc) · 888 Bytes
/
certcheck
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/bin/sh
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# List all directories in Let's Encrypt certificate directory - this translates a list of URLs
URLS="$(find /etc/ssl/letsencrypt -type d -name '*.*' -exec basename {} \;)"
# Iterate over each URL
for URL in $URLS
do
# Get the currently active cert issue date
ACTIVECERT=`echo | openssl s_client -connect 127.0.0.1:443 -servername $URL 2>/dev/null | openssl x509 -noout -startdate`
# Location of the certificate files
SOURCE="/etc/ssl/letsencrypt/$URL"
# Get the current file cert issue date
NEWCERT=`cat $SOURCE/cert.pem | openssl x509 -noout -startdate`
# Check if certificate has been updated
if [ "$ACTIVECERT" != "$NEWCERT" ]
then
# If it has, trigger a reload
RELOAD="true"
fi
done
# Only reload once, if needed
if [ "$RELOAD" = "true" ]
then
service apache2 reload
fi