le/le-renew

#!/usr/bin/env bash

LPATH=( /usr/lib/le "$HOME/.local/lib/le" "lib/le" "lib" )
for l in "${LPATH[@]}"; do
	[[ -f "$l/util" ]] && source "$l/util"
done

usage() {
	while read -r line; do printf '%s\n' "$line"; done <<- EOF
		Usage: le-renew [options] <domain> [domain ...]
		   Options:
		      -c <dir>        # Configuration directory. Default: \$HOME/.acme
		      -t <sec>        # How many seconds till exipration to consider as soon. Default: 259200 (3 days)
		                      # Can be specified multiple time for multi-domain certs.
		      -h              # Show this message.
	EOF
}

main() {
	declare cfg_dir
	declare -a domains le_args

	while (( $# )); do
		case $1 in
			-c)
				cfg_dir=$2
				shift;;

			-t)
				checkend_seconds=$2
				shift;;

			-h)
				usage
				return 0;;

			--)
				shift
				break;;

			*) break;;
		esac

		shift
	done

	set_default cfg_dir "$HOME/.acme"
	set_default checkend_seconds 259200

	certname=$1

	if ! [[ "$certname" ]]; then
		err "Please tell me what to do!"
		return 1
	fi

	if [[ -f "$cfg_dir/domains/$certname/renew.fail" ]]; then
		err "Fail flag exists: $cfg_dir/domains/$certname/renew.fail, not attempting renew."
		return 2
	fi

	if ! openssl x509 -checkend "$checkend_seconds" < "$cfg_dir/domains/$certname/certificate.pem"; then
		if ! (( "${#domains[@]}" )); then
			if [[ -f "$cfg_dir/domains/$certname/renew.cfg" ]]; then
				source "$cfg_dir/domains/$certname/renew.cfg"
			else
				domains=( "$certname" )
			fi
		fi

		for d in "${domains[@]}"; do
			le_args+=( "$d" )
		done

		le-issue "${le_args[@]}"

		if (( $? )); then
			> "$cfg_dir/domains/$certname/renew.fail"
		fi
	fi
}

main "$@"