diff --git a/update-mailcow-certs.sh b/update-mailcow-certs.sh
new file mode 100755
index 0000000..fd83a6e
--- /dev/null
+++ b/update-mailcow-certs.sh
@@ -0,0 +1,120 @@
+#!/bin/bash
+#
+# configuration
+#
+VERSION=0.1
+#
+VERBOSE=1
+# send an email, setting default subject...
+EMAIL_SUBJ="MailCow cert for $DOMAIN"
+#
+EMAIL=sysadmin@oerfoundation.org
+# Mailcow stuff
+DOMAIN=about.oerfoundation.org
+MCDIR=/home/docker/mailcow
+SSLDIR=data/assets/ssl
+MCCA=$MCDIR/$SSLDIR/cert.pem
+MCPRIV=$MCDIR/$SSLDIR/key.pem
+# Let's Encrypt stuff
+LEDIR=/etc/letsencrypt/live/$DOMAIN
+LECA=$LEDIR/fullchain.pem
+LEPRIV=$LEDIR/privkey.pem
+#
+# Defaults
+LOG=/var/log/$0.log
+#
+# Automated defaults
+#
+LS=`which ls`
+DATE=`date '+%Y-%m-%d'`
+# email program
+MAIL=`which mail`
+# temporary holding point for email
+TMP_EMAIL=/tmp/tmp_email.$0.$DATE_$TIME
+#
+# Functions
+#
+# get the file date in seconds since 1970
+getfiledate() {
+ local DATE=`$LS -l --time-style=+"%s" $@ | cut -d " " -sf 6`
+ echo $DATE
+}
+#
+# put a message in the log
+message() {
+ #
+ # a timestamp for logging purposes
+ local TIMESTAMP=`date '+%Y-%m-%d %H:%M.%S'`
+ if test $VERBOSE = 1 ; then
+ echo "$@"
+ else
+ echo "$0: $TIMESTAMP $@" >> $LOG
+ if test -f $TMP_EMAIL ; then
+ echo "$0: $TIMESTAMP $@" >> $TMP_EMAIL
+ fi
+ fi
+}
+#
+# create the temporary email file
+create_tmp_email() {
+ touch $TMP_EMAIL
+ if test -f $TMP_EMAIL ; then
+ message "created temporary email $TMP_EMAIL"
+ else
+ message "failed to create temporary email $TMP_EMAIL"
+ fi
+}
+#
+# send the contents of the temporary file to the
+# designated report recipient
+send_email_report() {
+ if test -f $TMP_EMAIL ; then
+ message "sending email report to $EMAIL"
+ $MAIL -s "$EMAIL_SUBJ" $EMAIL < $TMP_EMAIL
+ rm $TMP_EMAIL
+ if test -f $TMP_EMAIL ; then
+ message "failed to remove temporary email $TMP_EMAIL"
+ else
+ message "successfully removed temporary email $TMP_EMAIL"
+ fi
+ message "email report successfully sent"
+ fi
+}
+
+
+# get the dates for the files...
+MCCA_DATE=$(getfiledate $MCCA)
+#MCPRIV_DATE=$(getfiledate $MCPRIV_DATE)
+LECA_DATE=$(getfiledate $LECA)
+#LEPRIV_DATE=$(getfiledate $LEPRIV_DATE)
+
+# is the Let's Encrypt CA more recent than that used by Mailcow?
+# If so - update the Mailcow ones, reload Mailcow, and alert the webmaster
+if (( "$LECA_DATE" > "$MCCA_DATE" )) ; then
+ create_tmp_email
+ message "Need to update MailCow certs for $DOMAIN!"
+ # backup the current files
+ cp $MCCA $MCCA.${DATE}
+ cp $MCPRIV $MCPRIV.${DATE}
+ # now copy over the updated files, dereferencing the Let's Encrypt links
+ cp -L $LECA $MCCA
+ cp -L $LEPRIV $MCPRIV
+ # get the dates for the MailCow certs again:
+ TIMESTAMP=`date '+%Y-%m-%d %H:%M.%S'`
+ MCCA_DATE=$(getfiledate $MCCA)
+ MCPRIV_DATE=$(getfiledate $MCPRIV_DATE)
+ if (( "$MCCA_DATE" < "$LECA_DATE" && "$MCPRIV_DATE" < "$LECAPRIV_DATE" )) ; then
+ msg="Updated $MCCA and $MCPRIV at $TIMESTAMP"
+ EMAIL_SUBJ='Success! '${EMAIL_SUBJ}
+ else
+ msg="Failed to update $MCCA and $MCPRIV at $TIMESTAMP"
+ EMAIL_SUBJ='Failed! '${EMAIL_SUBJ}
+ fi
+ message $msg
+ email $msg
+ send_email_report
+else
+ message "MailCow certs for $DOMAIN still current..."
+fi
+
+
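Review bot: `TMP_EMAIL=/tmp/tmp_email.$0.$DATE_$TIME` yields a predictable name in a world-writable directory, because `$DATE_` and `$TIME` are never assigned, and the later `touch` and `>>` follow any symlink already present at that path; the script reads the Let's Encrypt private key, so it presumably runs as root. Create the file with `TMP_EMAIL=$(mktemp) || exit 1` and remove it from an EXIT trap. The post-copy check also looks unable to report success: `getfiledate $MCPRIV_DATE` passes an unset variable as the path, `$LECAPRIV_DATE` is never assigned, and `<` points the wrong way once `cp` has refreshed the Mailcow file's mtime. Comparing contents is more direct, `if cmp -s "$LECA" "$MCCA" && cmp -s "$LEPRIV" "$MCPRIV" ; then`, and `email $msg` should be dropped since the script defines no such function. The `cp` exit statuses are unchecked as well, so a failure between the two `cp -L` calls would leave a mismatched certificate and key in place.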