Init Lego

Signed-off-by: Georg <georg@lysergic.dev>

2 files changed, 21 insertions, 0 deletions

diff --git a/cron/cron.d/lego b/cron/cron.d/lego
new file mode 100644
index 0000000..c46e967
--- /dev/null
+++ b/cron/cron.d/lego
@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+MAILTO=system@lysergic.dev
+
+30 0 * * * lego /opt/lego/scripts/renew.sh
diff --git a/scripts/sh/lego/renew.sh b/scripts/sh/lego/renew.sh
new file mode 100644
index 0000000..d9d31df
--- /dev/null
+++ b/scripts/sh/lego/renew.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+OUTPUT="nc -N 127.0.0.2 2424"
+echo "#universe ====================" | $OUTPUT
+echo "#universe Starting daily certificate check ..." | $OUTPUT
+. /opt/lego/pdns.env
+for domain in $(/opt/lego/lego --path /etc/ssl/lego list |grep "Certificate Name:" |cut -d ":" -f 2)
+do
+        if [ -f /opt/lego/hooks/$domain.sh ]
+        then
+                /opt/lego/lego -a -m="system@lysergic.dev" -k ec384 --path /etc/ssl/lego --dns.resolvers 127.0.0.3 --dns pdns -d $domain renew --days 45 --renew-hook="/opt/lego/hooks/$domain.sh" |& $OUTPUT
+        else
+                /opt/lego/lego -a -m="system@lysergic.dev" -k ec384 --path /etc/ssl/lego --dns.resolvers 127.0.0.3 --dns pdns -d $domain renew --days 45 |& $OUTPUT
+        fi
+
+done
+echo "#universe OK, finished daily certificate run." | $OUTPUT
+echo "#universe ====================" | $OUTPUT