Renew timeframe as config option

diff --git a/config.sh.example b/config.sh.example
index 49b7581f34449fc21b24d6d2fdbac495e6748d0c..ef8a7daf40228b57ff9c6838c57fa003be42cd90 100644 (file)
--- a/config.sh.example
+++ b/config.sh.example
@@ -8,3 +8,6 @@ WELLKNOWN="/var/www/letsencrypt/.well-known/acme-challenge"
 # token; can be used to e.g. upload the challenge if this script doesn't run
 # on the webserver
 #HOOK_CHALLENGE=
+
+# try to renew certs that are within RENEW_DAYS days of there expire date
+#RENEW_DAYS="14"
\ No newline at end of file

diff --git a/letsencrypt.sh b/letsencrypt.sh
index 410d59cb008fccea1de5bf773e6cce05c7765efd..ad2e7bbac56ac211ee29ced5f1e0a0f4cb95fbee 100755 (executable)
--- a/letsencrypt.sh
+++ b/letsencrypt.sh
@@ -8,6 +8,7 @@ set -o pipefail
 CA="https://acme-v01.api.letsencrypt.org"
 LICENSE="https://letsencrypt.org/documents/LE-SA-v1.0.1-July-27-2015.pdf"
 HOOK_CHALLENGE=
+RENEW_DAYS="14"
 KEYSIZE="4096"
 
 . ./config.sh
@@ -189,12 +190,12 @@ fi
   domain="$(echo $line | cut -d' ' -f1)"
   if [[ -e "certs/${domain}/cert.pem" ]]; then
     echo -n "Found existing cert for ${domain}. Expire date ..."
-    set +e; openssl x509 -checkend 1209600 -noout -in "certs/${domain}/cert.pem"; expiring=$?; set -e
+    set +e; openssl x509 -checkend $((${RENEW_DAYS} * 86400)) -noout -in "certs/${domain}/cert.pem"; expiring=$?; set -e
     if [[ ${expiring} -eq 0 ]]; then
-        echo " is not within 2 weeks. Skipping"
+        echo " is not within ${RENEW_DAYS} days. Skipping"
         continue
     fi
-    echo " is within 2 weeks. Renewing..."
+    echo " is within ${RENEW_DAYS} days. Renewing..."
   fi
 
   sign_domain $line