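#!/bin/bash
#
# Certificate maintenance run: renew RSA and ECDSA certificates with
# dehydrated (default config for HTTP-01, config-dns01 for DNS-01), reload
# the daemons that serve them, clean up unused certificates, re-sign the
# DNS-01 zones and dump the OpenDKIM statistics.
#
# Every step is best-effort: there is no `set -e`, a failing command reports
# its own error and the script carries on, so the output has to be read to
# spot a failed renewal or reload.

PATH=/usr/local/bin:/usr/local/sbin:/bin:/sbin:/usr/bin:/usr/sbin

date
echo
# it's important to have the time in sync before talking to LE
# assuming either an NTP daemon --or-- the DAILY script has been run before

echo "RE-NEWING RSA CERTIFICATES FOR HTTP-01"
echo
dehydrated --cron --keep-going
echo

echo "RE-NEWING RSA CERTIFICATES FOR DNS-01"
echo
dehydrated --cron --keep-going --config /etc/dehydrated/config-dns01
echo

# NOTE(review): the two ECDSA runs use different curves (prime256v1 for
# HTTP-01, secp384r1 for DNS-01) and the same --out directory -- confirm
# that the difference is intended.
echo "RE-NEWING ECDSA CERTIFICATES FOR HTTP-01"
echo
dehydrated --cron --keep-going --algo prime256v1 \
  --out /etc/dehydrated/certs/ECC
echo

echo "RE-NEWING ECDSA CERTIFICATES FOR DNS-01"
echo
dehydrated --cron --keep-going --algo secp384r1 \
  --out /etc/dehydrated/certs/ECC \
  --config /etc/dehydrated/config-dns01
echo

# we could otherwise consider reloading only if there's a new cert with hooks
# but this doesn't harm much and we are cleaning up old certs only thereafter
echo "RELOADING DAEMONS"
echo
# `command -v` replaces `which`: it is a shell builtin and resolves the
# daemon through the PATH set above.
if command -v postfix >/dev/null 2>&1; then
  # postfix reload runs under script(1), which appends the session to
  # /var/log/typescript.log; --return passes on the exit status of the reload.
  script --return --command "postfix reload" --append /var/log/typescript.log \
    && echo "postfix reloaded"
fi
if command -v dovecot >/dev/null 2>&1; then
  dovecot reload && echo "dovecot reloaded"
fi
if command -v nginx >/dev/null 2>&1; then
  nginx -s reload && echo "nginx reloaded"
fi
echo

echo "CLEANING-UP UNUSED CERTS"
echo
dehydrated --cleanup
dehydrated --cleanup --config /etc/dehydrated/config-dns01
echo

echo "ACTIVE CERTIFICATES"
echo
# First field of every line of the domains files, "*" spelled "wildcard".
vhosts=$(cut -f1 -d ' ' /etc/dehydrated/domains-* | sed -r 's/\*/wildcard/')
# requires https://github.com/matteocorti/check_ssl_cert
# The check is disabled, so this loop only lists the names: nothing here
# verifies which certificate a host actually serves after the reload.
# Names are read one per line and quoted, so an entry is never word-split or
# glob-expanded against the current directory.
while read -r vhost; do
  [[ -n "$vhost" ]] || continue
  #echo certificate for $vhost
  #tmp=`echo Q | openssl s_client -connect $vhost:443 -servername $vhost 2>/dev/null`
  #echo "$tmp" | openssl x509 -noout -text | grep -A2 Validity
  #echo "$tmp" | openssl x509 -noout -text | grep DNS:
  #echo
  #unset tmp
  echo "$vhost"
  echo "(check disabled)"
  #check_ssl_cert -H $vhost
  echo
done <<< "$vhosts"
unset vhost
unset vhosts
echo

echo "RE-SIGNING DNS ZONES"
echo
# The grep only requires the first character to be [a-z0-9] (which drops
# comment and wildcard lines); it does not validate the rest of the name.
dns01zones=$(cut -f1 -d ' ' /etc/dehydrated/domains-dns01 | grep -E '^[a-z0-9]')
# The list is read on fd 3 so the signing script keeps the caller's stdin,
# and "$zone" is quoted so an entry always reaches sign.ksh as exactly one
# argument.
while read -r zone <&3; do
  [[ -n "$zone" ]] || continue
  echo "zone $zone"
  echo
  # self-verbose
  /etc/nsd/sign.ksh "$zone"
  echo
done 3<<< "$dns01zones"
unset zone
unset dns01zones

if command -v opendkim >/dev/null 2>&1; then
  echo "DKIM STATS"
  echo
  # The redirect used to go to a file literally named "stats" in the current
  # directory while the message named the /var/tmp path; write to "$stats".
  # mktemp creates the file itself under an unpredictable name, so a name
  # pre-created in world-writable /var/tmp (a symlink, for instance) cannot
  # redirect this write. The dkim-stats.<epoch> prefix is kept.
  if stats=$(mktemp "/var/tmp/dkim-stats.$(date +%s).XXXXXX"); then
    if opendkim-stats /run/opendkim/stats > "$stats"; then
      echo "wrote to $stats"
    else
      # do not leave an empty dump behind
      rm -f -- "$stats"
    fi
  fi
  unset stats
  echo
fi

# save some space
if [[ -f /etc/debian_version ]]; then
  apt clean
fi

date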