From a41e55edf01b75b6eb45c6073cb7f9a5c7381692 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=A7=91=E6=8A=80lion?= <131984541+kejilion@users.noreply.github.com>
Date: Fri, 3 May 2024 14:31:17 +0800
Subject: [PATCH] Add files via upload
---
auto_cert_renewal-1.sh | 66 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 66 insertions(+)
create mode 100644 auto_cert_renewal-1.sh
diff --git a/auto_cert_renewal-1.sh b/auto_cert_renewal-1.sh
new file mode 100644
index 0000000..bf1a90c
--- /dev/null
+++ b/auto_cert_renewal-1.sh
@@ -0,0 +1,66 @@
+# 定义证书存储目录
+certs_directory="/etc/letsencrypt/live/"
+
+days_before_expiry=5 # 设置在证书到期前几天触发续签
+
+# 遍历所有证书文件
+for cert_dir in $certs_directory*; do
+ # 获取域名
+ domain=$(basename "$cert_dir")
+
+ # 忽略 README 目录
+ if [ "$domain" = "README" ]; then
+ continue
+ fi
+
+ # 输出正在检查的证书信息
+ echo "检查证书过期日期: ${domain}"
+
+ # 获取fullchain.pem文件路径
+ cert_file="${cert_dir}/fullchain.pem"
+
+ # 获取证书过期日期
+ expiration_date=$(openssl x509 -enddate -noout -in "${cert_file}" | cut -d "=" -f 2-)
+
+ # 输出证书过期日期
+ echo "过期日期: ${expiration_date}"
+
+ # 将日期转换为时间戳
+ expiration_timestamp=$(date -d "${expiration_date}" +%s)
+ current_timestamp=$(date +%s)
+
+ # 计算距离过期还有几天
+ days_until_expiry=$(( ($expiration_timestamp - $current_timestamp) / 86400 ))
+
+ # 检查是否需要续签(在满足续签条件的情况下)
+ if [ $days_until_expiry -le $days_before_expiry ]; then
+ echo "证书将在${days_before_expiry}天内过期,正在进行自动续签。"
+
+ # 停止 Nginx
+ docker stop nginx
+
+ iptables -P INPUT ACCEPT
+ iptables -P FORWARD ACCEPT
+ iptables -P OUTPUT ACCEPT
+ iptables -F
+
+ ip6tables -P INPUT ACCEPT
+ ip6tables -P FORWARD ACCEPT
+ ip6tables -P OUTPUT ACCEPT
+ ip6tables -F
+
+ # 续签证书
+ certbot certonly --standalone -d $domain --email your@email.com --agree-tos --no-eff-email --force-renewal
+
+ # 启动 Nginx
+ docker start nginx
+
+ echo "证书已成功续签。"
+ else
+ # 若未满足续签条件,则输出证书仍然有效
+ echo "证书仍然有效,距离过期还有 ${days_until_expiry} 天。"
+ fi
+
+ # 输出分隔线
+ echo "--------------------------"
+done
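Review bot: The renewal branch sets the INPUT, FORWARD and OUTPUT policies to ACCEPT and flushes every iptables and ip6tables rule, and nothing in the hunk restores them, so the first renewal leaves the host with no packet filtering until someone reloads the ruleset by hand. By default the standalone challenge only needs inbound TCP 80, so a scoped rule that is removed afterwards would do: `iptables -I INPUT -p tcp --dport 80 -j ACCEPT` before the certbot call and `iptables -D INPUT -p tcp --dport 80 -j ACCEPT` after it, with the same pair for ip6tables. Since nginx runs in Docker here, flushing the filter table presumably also wipes rules Docker installed itself, which is worth confirming on a test host. Separately, certbot's exit status is never checked, so `echo "证书已成功续签。"` prints even when renewal failed; guarding it with `if certbot certonly ... ; then` and quoting `"$domain"` would keep the log accurate.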