iankelling.org Git - distro-setup/blob - filesystem/etc/cron.daily/check-lets-encrypt-ssl-settings

   1 #!/bin/bash
   2 # Copyright (C) 2016 Ian Kelling
   3
   4 # Licensed under the Apache License, Version 2.0 (the "License");
   5 # you may not use this file except in compliance with the License.
   6 # You may obtain a copy of the License at
   7
   8 #     http://www.apache.org/licenses/LICENSE-2.0
   9
  10 # Unless required by applicable law or agreed to in writing, software
  11 # distributed under the License is distributed on an "AS IS" BASIS,
  12 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  13 # See the License for the specific language governing permissions and
  14 # limitations under the License.
  15
  16 source ~/.bashrc
  17
  18 set -eE -o pipefail
  19 trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
  20
  21 if [[ ! -e /dev/shm/iank-status ]]; then
  22   exit 0
  23 fi
  24 eval $(< /dev/shm/iank-status)
  25
  26 if [[ $HOSTNAME != "$MAIL_HOST" || $HOST2 && $HOST2 != "$HOSTNAME" ]]; then
  27   exit 0
  28 fi
  29
  30 lock_file=/tmp/check-lets-encrypt-ssl-settings
  31 if [[ -e $lock_file ]]; then
  32   exit 0
  33 fi
  34
  35 d=/a/opt/certbot
  36 gitget https://github.com/certbot/certbot.git $d &>/tmp/${0##*/}.log
  37 cd $d
  38
  39 f=certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
  40 out=$(git log -p --since 2020-04-06 $f)
  41
  42 if [[ $out ]]; then
  43   cat <<EOF
  44 Let's encrypt has new ssl settings.
  45 1. edit mail-setup and web-conf
  46 2. Update servers
  47 3. edit the date in $0
  48 4. rm $lock_file
  49 The change is:
  50 $out
  51 EOF
  52   touch $lock_file
  53 fi