authorache <ache@ache.one>2025-02-16 09:12:21 +0100
committerache <ache@ache.one>2025-02-16 09:12:21 +0100
commit85885aafc8b6c69ddaf58defafebfb58f2235d4b (patch)
treec5aae50eb07d4a7520638d6263ab46ee25f1f7be
parentAdd check-certificates command (diff)
Fix check-certificates command
-rw-r--r--check-certificates.sh37
1 files changed, 30 insertions, 7 deletions
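--- a/check-certificates.sh
+++ b/check-certificates.sh
@@ -1,22 +1,45 @@
 #!/bin/env bash
 CERTIFICATES_DIR="/srv/certs/"
-LOCAL_CA_CERT="${CERTIFICATES_DIR}/"
+LOCAL_CA_CERT="${CERTIFICATES_DIR}/luffy_local_ca/local_ca.cert"
-pushd ${CERTIFICATES_DIR}
+HAS_RENEW_CERT=""
+
+date
+echo -e "Checking certificate validity (NotAfter field)\n"
+
+pushd ${CERTIFICATES_DIR} >/dev/null 2>/dev/null
 for cert in $(find -name "*.cert"); do
- if openssl x509 -checkend 345600 -noout -in ${cert}; then
- echo "${cert} will expire in more than 4 days"
+ if openssl x509 -checkend 345600 -noout -in ${cert} > /dev/null; then
+ echo -e "\t✔️ $(basename ${cert}) will expire in more than 4 days"
 else
- echo "⚠️ ${cert} will expire soon !"
+ echo "⚠️ $(basename ${cert}) will expire soon !"
+ if [ $(basename "$cert") = $(basename "$LOCAL_CA_CERT") ]; then
+ echo -e "\t⛔ I don't renew local CA certificate"
+ continue
+ fi
 NEW_CSR=$(echo ${cert} | sed 's/.cert/.csr/')
 CERT_KEY=$(echo ${cert} | sed 's/.cert/.key/')
 CERT_CONFIG=$(echo ${cert} | sed 's/.cert/.conf/')
- @echo "Renewing ${cert}"
- @echo "Creating new CSR"
+ echo "Renewing ${cert}"
+ echo "Creating new CSR ($NEW_CSR)"
+ echo $cert
+ echo $CERT_KEY
+ echo $CERT_CONFIG
+
 openssl req -new -key ${CERT_KEY} -out $NEW_CSR -config $CERT_CONFIG
 echo "Renewing certificate"
 openssl x509 -req -CA $LOCAL_CA_CERT -CAkey $LOCAL_CA_KEY -in $NEW_CSR -out $cert -days 10 -CAcreateserial -extensions v3_ext -extfile $CERT_CONFIG -sha256
+ HAS_RENEW_CERT="yes"
+ fi
 done
+
+echo -e "\nNo more certificate to check"
+if [ -z $HAS_RENEW_CERT ]; then
+ echo "🔃 Reload nginx certificates"
+ nginx -s reload
+fi
+
+popd >/dev/null 2>/dev/null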
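Review bot: The reload condition on the new `if [ -z $HAS_RENEW_CERT ]; then` line is inverted: `HAS_RENEW_CERT` starts empty and is only set to `yes` after a certificate has been re-signed, so `-z` makes nginx reload exactly when nothing was renewed and skip the reload when a fresh certificate was just written, leaving nginx serving the old one until it expires; it should read `if [ -n "$HAS_RENEW_CERT" ]; then`. The new `pushd ${CERTIFICATES_DIR} >/dev/null 2>/dev/null` also discards a failure to enter the directory, after which `find -name "*.cert"` and the renewal loop run from whatever the current directory happens to be; `pushd "$CERTIFICATES_DIR" >/dev/null 2>&1 || exit 1` keeps the script from operating outside the intended tree. `LOCAL_CA_KEY`, consumed by the unchanged `openssl x509 -req ... -CAkey $LOCAL_CA_KEY` line, is not assigned anywhere in the hunk, so unless it is supplied by the environment the `-CAkey` argument expands to nothing and signing fails; a `: "${LOCAL_CA_KEY:?}"` guard next to `LOCAL_CA_CERT` would surface that at startup instead of mid-loop.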