Creating Auto Renewal Script For Your ISPConfig Pem File (ispserver.pem)

Discussion in 'Programming/Scripts' started by Poliman, May 15, 2018.

  1. Poliman

    Poliman Member

    I was looking for the solution of providing auto renewal for ispserver.pem file without install any additional software. I perform some script, which after add to cron checks date of fullchain.pem and privkey.pem and compare them to default values. These default values each user has to set on his own for privkey.pem and fullchain.pem from convert their dates (enter directory /etc/letsencrypt/live/s1.example.net/ and simple "ls -l") to epoch format using for example https://www.epochconverter.com/:
    Code:
    #!/bin/bash
    
    #This script is developed for renewing cert used by Monit and other applications,
    #which will have provided Let's Encrypt certs
    #add to cronjob each midnight
    #https://www.epochconverter.com/
    
    
    #epoch format of .key and .crt files
    epoch_ispcrt_default=1520924890
    epoch_ispkey_default=1520924890
    
    ispcrt_date_current=`stat -c "%y" /etc/letsencrypt/live/s1.poliman.net/fullchain.pem`
    ispkey_date_current=`stat -c "%y" /etc/letsencrypt/live/s1.poliman.net/privkey.pem`
    
    #epoch format for current files modification dates
    epoch_ispcrt=`date -d "$ispcrt_date_current" +%s`
    epoch_ispkey=`date -d "$ispkey_date_current" +%s`
    
    
    #left value has to be greater than right value
    if [ $epoch_ispcrt -gt $epoch_ispcrt_default ] && [ $epoch_ispkey -gt $epoch_ispkey_default ]
    then
        $epoch_ispcrt_default=$epoch_ispcrt
        $epoch_ispkey_default=$epoch_ispkey
     
        cd /usr/local/ispconfig/interface/ssl
     
        if [ -f "ispserver.pem" ]
        then
            mv ispserver.pem ispserver.pem-`date +"%y-%m-%d-%H:%M:%S"`.bak
        fi
     
        cat ispserver.{key,crt} > ispserver.pem
        chmod 600 ispserver.pem
     
        #restarting required services
        service monit restart
     
        #logging events
        echo "Log-->$(date +%y-%m-%d-%H:%M:%S) File ispserver.pem changed, so script refresh it and restarted services." >> log_file.log
    else
        #log_file.log will be created in path /usr/local/ispconfig/interface/ssl
        echo "Log-->$(date +%y-%m-%d-%H:%M:%S) Compare thinks that variables are even or less, so we don't have to do anything with ispserver.pem." >> log_file.log
    fi 
    But I have a problem with this part:
    if [ $epoch_ispcrt -gt $epoch_ispcrt_default ] && [ $epoch_ispkey -gt $epoch_ispkey_default ]
    then
    $epoch_ispcrt_default=$epoch_ispcrt
    $epoch_ispkey_default=$epoch_ispkey

    I am not sure that "if" line and variable assignment looks properly. I mean there should be "-gt" or maybe ">" and varaibles in quotation mark. Besides left variable should or should not use "$" as preffix in variable assignment below "then".
    Currently script, each time is running by cron, thinks that $epoch_ispcrt is greater than $epoch_ispcrt_default and this same for $epoch_ispkey and $epoch_ispkey_default. Of course in result I have each time (cron runs each midnight) renewed ispserver.pem.
     
    Last edited: May 15, 2018
  2. ahrasis

    ahrasis Well-Known Member

    Despite my comment in another post / thread, I guess running this script via daily cron job should be fine as LE SSL certs are normally renewable after 60 days and before 90 days.

    I think you can also run this script as an additional post-hook to LE script instead of running its own cron if you want to. This suggestion is however based on what I remembered about @florian030 posted some time ago but I could not remember how to.

    You can search to be sure.
     
  3. Poliman

    Poliman Member

    I probably find out what is wrong. Let me explain. At the begin of the script I set manually two variables. Each time when cron runs this script these variables have still old value despite I later update them to new values but it only works one time. I need to find out how to provide to script new date values (in epoch format) assigned to variables for each time when cron run this script. So generally speaking I need to set dynamically these two variables at the beginning of the script.
     
  4. ahrasis

    ahrasis Well-Known Member

    Well, good luck on that.
     

Share This Page