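#!/bin/bash
# Renew the Let's Encrypt certificate for DOMAIN with certbot, rebuild the
# Tomcat JKS keystore from the renewed chain + key, restart Tomcat and mail
# the outcome. Intended to run unattended (e.g. from cron); fill in DOMAIN,
# TOMCAT_KEY_PASS and EMAIL_NOTIFICATION before use.
#
# -x is deliberately not enabled: a trace would print TOMCAT_KEY_PASS (and
# every command line) to stderr, which cron mails out. -u and pipefail are
# added so unset variables and failing pipeline stages are not ignored.
set -euo pipefail
DOMAIN=""
TOMCAT_KEY_PASS=""
readonly CERTBOT_BIN="/usr/local/bin/certbot-auto"
EMAIL_NOTIFICATION="email_address"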
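# Install certbot-auto into CERTBOT_BIN if it is not present yet.
# Globals:   CERTBOT_BIN (read)
# Returns:   0 if certbot is present or was installed, non-zero if the
#            download or the install step failed
install_certbot () {
  local tmp
  if [[ -f "$CERTBOT_BIN" ]]; then
    return 0
  fi
  # Download to a scratch file and move it into place only after wget
  # succeeded: writing straight into /usr/local/bin (the original `wget -P`)
  # leaves a partial but "present" file behind on an interrupted download,
  # and that file then skips this step forever.
  tmp=$(mktemp) || return 1
  if ! wget -O "$tmp" https://dl.eff.org/certbot-auto; then
    rm -f -- "$tmp"
    return 1
  fi
  # TODO(review): verify the download against the publisher's signature
  # before installing it; this script presumably runs as root.
  install -m 0755 -- "$tmp" "$CERTBOT_BIN"
  rm -f -- "$tmp"
}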
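# Attempt cert renewal and, when a new certificate was issued, rebuild the
# Tomcat keystore from it.
# Globals:   CERTBOT_BIN, DOMAIN, TOMCAT_KEY_PASS (read; TOMCAT_KEY_PASS is
#            exported so openssl/keytool can read it from the environment)
# Outputs:   progress messages on stdout, diagnostics on stderr
# Returns:   0 after a successful renewal + keystore rebuild; exits 0 when no
#            renewal was due (so the caller's restart/notify step is skipped);
#            non-zero when certbot, openssl or keytool fail
renew_ssl () {
  local renew_output workdir p12 jks
  # Fail early with a clear message instead of running certbot and then
  # building a keystore for an empty domain / empty password.
  : "${DOMAIN:?DOMAIN must be set}"
  : "${TOMCAT_KEY_PASS:?TOMCAT_KEY_PASS must be set}"
  # Capture certbot's stdout in a variable: the original wrote it to a fixed
  # /tmp path, and the bare `cat | grep` tripped set -e whenever the
  # "No renewals" line was absent, so the renewal branch never ran.
  renew_output=$("$CERTBOT_BIN" renew) || {
    echo "certbot renew failed" >&2
    return 1
  }
  if grep -q "No renewals were attempted" <<<"$renew_output"; then
    echo "Cert not yet due for renewal"
    exit 0
  fi
  echo "Renewing ssl certificate..."
  # The PKCS12 holds the private key: build it in a private (mktemp -d, 0700)
  # scratch dir instead of world-readable /tmp, and remove it once imported.
  workdir=$(mktemp -d) || return 1
  p12="${workdir}/${DOMAIN}_fullchain_and_key.p12"
  jks="/etc/ssl/${DOMAIN}.jks"
  # Pass the password through the environment (openssl `env:`, keytool
  # `:env`) so it does not show up in `ps` output or in a `set -x` trace.
  export TOMCAT_KEY_PASS
  # create a PKCS12 that contains both your full chain and the private key
  openssl pkcs12 -export -out "$p12" \
    -passin env:TOMCAT_KEY_PASS \
    -passout env:TOMCAT_KEY_PASS \
    -in "/etc/letsencrypt/live/${DOMAIN}/fullchain.pem" \
    -inkey "/etc/letsencrypt/live/${DOMAIN}/privkey.pem" \
    -name tomcat || { rm -rf -- "$workdir"; return 1; }
  # Convert that PKCS12 to a JKS. This step used to sit at top level, i.e. it
  # ran while the script was being read, before the renewal above, against
  # whatever PKCS12 the previous run had left in /tmp.
  rm -f -- "$jks"
  keytool -importkeystore \
    -deststorepass:env TOMCAT_KEY_PASS -destkeypass:env TOMCAT_KEY_PASS \
    -destkeystore "$jks" -srckeystore "$p12" \
    -srcstoretype PKCS12 -srcstorepass:env TOMCAT_KEY_PASS \
    -alias tomcat || { rm -rf -- "$workdir"; return 1; }
  rm -rf -- "$workdir"
  # TODO(review): the JKS is created with the default umask; confirm it is
  # readable only by root and the account Tomcat runs as.
}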
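# Restart Tomcat so it picks up the rebuilt keystore, then mail the outcome.
# Globals:   DOMAIN, EMAIL_NOTIFICATION (read)
# Outputs:   progress message on stdout; one email via mail(1)
# Returns:   0 when Tomcat restarted, 1 when the restart failed
send_email_notification () {
  local subject="$DOMAIN Letsencrypt renewal"
  echo "Restarting tomcat server"
  # Test the restart in the `if` itself: `systemctl ...; if [[ $? -eq 0 ]]`
  # never reaches the failure branch under set -e, so the failure mail was
  # dead code. The entry `$?` check is dropped for the same reason (set -e
  # has already exited if the previous step failed). Mail bodies go through
  # here-docs rather than fixed, predictable files in /tmp.
  if systemctl restart tomcat; then
    mail -s "$subject" "$EMAIL_NOTIFICATION" <<EOF

Letsencrypt ssl certificate for $DOMAIN successfully renewed by cron job.

Tomcat successfully restarted after renewal
EOF
    return 0
  fi
  mail -s "$subject" "$EMAIL_NOTIFICATION" <<EOF

Letsencrypt ssl certificate for $DOMAIN renewal by cron job failed.

Try again manually..
EOF
  return 1
}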
# Entry point: install certbot if it is missing, attempt the renewal, then
# restart Tomcat and send the notification. renew_ssl exits 0 on its own when
# nothing is due, so the notification step only runs after a real renewal.
main() {
  install_certbot
  renew_ssl
  send_email_notification
}
main "$@"