fbpx

So I have a bunch of SSL-certificates, wildcarded, that is renewing from time to time. And since I hate googing for things ending up without any results anyway, I recently wrote a script that is checking against apache and nginx pid-files if any pem-files in the letsencrypt directory (under /etc/letsencrypt) are newer than the last restart time of the webserver.

If the pid files for apache and nginx are older than the respective pem-file, the script is set to restart the webserver. The script itself has focus on apache, since I still have unmigrated services left in my systems. The below script has been set to email me on such changes, but has been removed from this snippet.

#!/bin/bash

apachePid=/var/run/apache2/apache2.pid
nginxPid=/var/run/nginx.pid

ap=$(which apachectl)
allowSslScan=0
apacheDate=""
if [ -f $apachePid ] ; then
	allowSslScan=1
	apacheDate=$(date -r ${apachePid} "+%s")
	restartCmd="$ap restart"
fi

if [ -f $nginxPid ] ; then
	nginxDate=$(date -r ${nginxPid} "+%s")
	allowSslScan=1
	if [ "" != "$apacheDate" ] ; then
		if [ $nginxDate -gt $apacheDate ] ; then
			echo "Nginx date is newer than apache, will use that instead."
			apacheDate=$nginxDate
		fi
	else
		apacheDate=$nginxDate
	fi
	restartCmd="service nginx restart"
fi

if [ "$allowSslScan" = "1" ] ; then
	requireRestart=0

	if [ -d /etc/letsencrypt/live ] ; then
		pems=$(find /etc/letsencrypt/live -type l)
		for pem in $pems
		do
			realfile=$(readlink -f $pem)
			thisDate=$(date -r $realfile "+%s")
			if [ $thisDate -gt $apacheDate ] ; then
				requireRestart=1
			fi
		done
	fi
	if [ "$requireRestart" = "1" ] ; then
		echo "Chosen restart command: $restartCmd"
		echo "One or more SSL certificates are newer than the current apache2 session. We require a restart!"
		$restartCmd
	fi
fi

By Tornevall

- Stories from Reality - Musician | Bedroom DJ | Tug of War | Photographer | DevOps Thomas blends a passion for music, photography, and technology. With a background in 1990s dance music, his journey evolved from early experiments with FastTracker 2 to becoming a DJ and competitor in tug of war. His creative output includes documenting tug of war competitions across Sweden, while also working as a systems developer focusing on WordPress and e-commerce platforms.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.