Últimamente estoy de scripts para automatizar mi vida de sysadmin ;) Aquí os dejo otro que comprueba si se han renovado los certificados y reinicia nginx en caso de que sí haya ocurrido:
# vi /root/scripts/check_certificates2.sh
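#!/bin/bash
#
# check_certificates2.sh - restart nginx when a Let's Encrypt certificate it
# serves has been replaced on disk.
#
# For every server_name found in the running nginx configuration, the SHA-1 of
# /etc/letsencrypt/live/<name>/cert.pem is compared with the value stored in
# ${CHECK_DIR}/<name> by a previous run. Any difference triggers one nginx
# restart at the end. The hash is used only to detect that the file changed,
# not as an integrity or authenticity check.
#
# Intended to run as root (reads /etc/letsencrypt/live, restarts nginx).
# ${CHECK_DIR} decides whether root restarts nginx, so it should stay
# writable by root only.

ADMIN_MAIL=""   # Declared but never read anywhere in this script.
CHECK_DIR="/root/scripts/check_domains"
LIVE_DIR="/etc/letsencrypt/live"
REBOOT_NGINX=0
PENDING_FILES=()   # state files to rewrite once the restart has succeeded
PENDING_LINES=()   # matching "hash  path" lines, same index as PENDING_FILES

# Read one name per line with mapfile rather than an unquoted $(...) inside
# an array literal: the latter glob-expands names such as "*.example.com"
# against the current directory.
# Limitations kept from the original pipeline: only the first name on each
# server_name line is taken, and 'grep -v "_"' drops the catch-all "_" as
# well as any name that contains an underscore.
mapfile -t DOMAINS < <(
    nginx -T | grep server_name | grep ";" | grep -v "#" \
        | awk '{print $2}' | sed 's/;//' | grep -v "_" | sort -u
)

mkdir -p "${CHECK_DIR}" || exit 1

for i in "${DOMAINS[@]}"
do
    # The name becomes part of two file paths; skip anything that is empty
    # or could point outside LIVE_DIR / CHECK_DIR.
    if [[ -z "${i}" || "${i}" == */* || "${i}" == "." || "${i}" == ".." ]]; then
        continue
    fi

    CERT="${LIVE_DIR}/${i}/cert.pem"
    STATE="${CHECK_DIR}/${i}"

    # Check the certificate first. The original hashed it unconditionally
    # when a state file existed, so a missing cert.pem produced an empty hash,
    # counted as a change, restarted nginx and stored an empty state file.
    if [[ ! -f "${CERT}" ]]; then
        echo "Domain ${i} has no certificate file"
        continue
    fi

    # Hash once so the value compared is the value stored.
    CURRENT=$(sha1sum "${CERT}" | awk '{print $1}')
    if [[ -z "${CURRENT}" ]]; then
        echo "Could not hash ${CERT}" >&2
        continue
    fi

    if [[ -f "${STATE}" ]]; then
        OLD=$(awk '{print $1}' "${STATE}")
        if [[ "${OLD}" != "${CURRENT}" ]]; then
            echo "hashes don't match for domain ${i}, please restart nginx"
            REBOOT_NGINX=1
            # Defer the write: if the restart fails, the old hash stays in
            # place and the next run tries again.
            PENDING_FILES+=("${STATE}")
            PENDING_LINES+=("${CURRENT}  ${CERT}")
        fi
    else
        # First time this name is seen: record a baseline, no restart.
        printf '%s  %s\n' "${CURRENT}" "${CERT}" > "${STATE}"
    fi
done

if [[ ${REBOOT_NGINX} == "1" ]]; then
    echo "I reboot nginx due there are changes on certificates"
    # A restart with a broken configuration leaves nginx stopped, so test the
    # configuration immediately before restarting.
    if nginx -t && service nginx restart; then
        for n in "${!PENDING_FILES[@]}"; do
            printf '%s\n' "${PENDING_LINES[$n]}" > "${PENDING_FILES[$n]}"
        done
    else
        echo "nginx config test or restart failed; stored hashes left unchanged" >&2
        exit 1
    fi
fi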
Luego hago que se ejecute cada 10 minutos y listos
# vi /etc/crontab
*/10 * * * * root /root/scripts/check_certificates2.sh
certbot ya trae un directorio especial para eso:
# Terminal transcript: the two lines printed after `cat` are the contents of
# the hook file reinicia-servidor.sh, not commands typed at the prompt.
cd /etc/letsencrypt/renewal-hooks/post/
cat reinicia-servidor.sh
#!/bin/bash
# NOTE(review): certbot also has renewal-hooks/deploy/, whose hooks run only
# for certificates that were actually renewed; hooks in post/ run after a
# renewal attempt whether or not it succeeded. Confirm which one is wanted.
# NOTE(review): this restarts unconditionally. Running `nginx -t` first avoids
# stopping nginx on a broken configuration, and a reload is normally enough
# for nginx to pick up a new certificate.
service nginx restart
Muchas gracias! no lo sabía! :)