Script para reiniciar nginx cuando han caducado los certificados de letsencrypt

Published by admin on

Últimamente estoy de scripts para automatizar mi vida de sysadmin ;) aquí os dejo otro que comprueba si se han renovado los certificados y reinicia nginx en caso de que si haya ocurrido

# vi /root/scripts/check_certificates2.sh

#!/bin/bash

ADMIN_MAIL=""
DOMAINS=($(nginx -T |grep server_name |grep ";" |grep -v "#" |awk '{print $2}' |sed 's/;//' |grep -v "_" | sort -u))
CHECK_DIR="/root/scripts/check_domains"
REBOOT_NGINX=0

mkdir -p ${CHECK_DIR}

for i in "${DOMAINS[@]}"
do
   if [[ -f ${CHECK_DIR}/$i ]]; then
       OLD=`cat ${CHECK_DIR}/$i |awk '{print $1}'`
       CURRENT=`sha1sum /etc/letsencrypt/live/${i}/cert.pem |awk '{print $1}'`
       if [[ ${OLD} != ${CURRENT} ]]; then
           echo "hashes don't match for domain ${i}, please restart nginx"
           REBOOT_NGINX=1
           sha1sum /etc/letsencrypt/live/${i}/cert.pem > ${CHECK_DIR}/$i
       fi
   else
       if [[ -f /etc/letsencrypt/live/${i}/cert.pem ]]; then
           sha1sum /etc/letsencrypt/live/${i}/cert.pem > ${CHECK_DIR}/$i
       else
           echo "Domain ${i} has no certificate file"
       fi
   fi
done

if [[ ${REBOOT_NGINX} == "1" ]]; then
    echo "I reboot nginx due there are changes on certificates"
    service nginx restart
fi

Luego hago que se ejecute cada 10 minutos y listos

# vi /etc/crontab
*/10 *  * * *   root    /root/scripts/check_certificates2.sh

2 Comments

  1. certbot ya trae un directorio especial para eso:

    cd /etc/letsencrypt/renewal-hooks/post/
    cat reinicia-servidor.sh

    #!/bin/bash
    service nginx restart

    Respon

Deixa un comentari

L'adreça electrònica no es publicarà. Els camps necessaris estan marcats amb *

This site uses Akismet to reduce spam. Learn how your comment data is processed.