Letsencrypt for Halon

letsencrypt4halon.sh

#!/bin/sh

EMAIL=
MX_HOSTNAME=
SPG_HOSTNAME=
SPG_USERNAME=
SPG_PASSWORD=

. `dirname $0`/`basename $0 .sh`.conf

CERTBOT="certbot -q"
BASE_URL="https://${SPG_USERNAME}:${SPG_PASSWORD}@${SPG_HOSTNAME}"
CERT=/etc/letsencrypt/live/${MX_HOSTNAME}/fullchain.pem
KEY=/etc/letsencrypt/live/${MX_HOSTNAME}/privkey.pem

FLAGFILE=/etc/letsencrypt/live/${MX_HOSTNAME}/deployed
TIMESTAMP=`date --rfc-3339=seconds`
COMMENT="${MX_HOSTNAME} (certbot ${TIMESTAMP})"


if [ ! -d /etc/letsencrypt/accounts ]; then
	$CERTBOT register --agree-tos --email $EMAIL
fi

if [ ! -f $CERT ]; then
	$CERTBOT certonly -d $MX_HOSTNAME --standalone
else
	$CERTBOT renew --reuse-key --cert-name $MX_HOSTNAME --standalone
fi

if [ ! -f $CERT -o ! -f $KEY ]; then
	echo "Missing certificate/key"
	exit 1
fi

if [ ! -f $FLAGFILE -o $CERT -nt $FLAGFILE ]; then
	CERT_B64=`cat $CERT $KEY | base64 -w 0`
	PAYLOAD="{\"key\":\"pki__letsencrypt\",\"params\":{\"name\":\"${COMMENT}\", \"key\":\"${CERT_B64}\"}}"
	curl --fail -d "${PAYLOAD}" $BASE_URL/api/v0/configKeySet >/dev/null
	if [ $? -eq 0 ]; then
		echo "Certificate for ${MX_HOSTNAME} updated"
		touch $FLAGFILE
	fi
fi