fixed renewal script (#6 )

Reviewed-on: #6
Added freeipa configuration to renewal script (#5 )
2025-07-24 15:33:12 -05:00 · 2025-03-30 00:04:59 -05:00
1 changed files with 22 additions and 2 deletions
--- a/files/certbot-renewal.sh
+++ b/files/certbot-renewal.sh
@ -1,10 +1,28 @@
 #! /bin/bash
+#should probably add logic to only halt/reload once (and only if necessary)
+function halt() {
+    #stop services if necessary
+    if [ -d /var/lib/ipa/ ]
+    then
+        #stop httpd
+        systemctl stop httpd
+    fi
+}
 function reload() {
    #reload/restart relevant services
    if [ -d /etc/nginx/certs/ ]
    then
        systemctl reload nginx
    fi
+    if [ -d /var/lib/ipa/ ]
+    then
+        #restart httpd
+        systemctl start httpd
+        /scripts/setup-le.sh
+        systemctl restart httpd
+        #load cert
+    fi
+
 }

 dom=`date +%d`
@ -21,8 +39,9 @@ do
    if [[ $today > $expires ]]
    then
        echo Certificate for $f is expired, renewing >> $log
+        halt
        certbot renew --cert-name $f >> /var/log/certbot-renewal.log
-        reload()
+        reload
        continue
    fi
    #convert hostname into day of month between 0 and 28 to renew on specific day of month (reduce chance of running out of cert renewals)
@ -34,8 +53,9 @@ do
        if [[ $dom -eq $rdate ]]
        then
            echo Date falls within renewal window for $f, attempting renewal >> $log
+            halt
            certbot renew --cert-name $f >> $log
-            reload()
+            reload
            break
        fi
    done
Author	SHA1	Message	Date
Jayne Passmore	51b9c6bc70	fixed renewal script (#6 ) Reviewed-on: #6	2025-07-24 15:33:12 -05:00
Beth	a6d9fe7aaf	Added freeipa configuration to renewal script (#5 ) Reviewed-on: #5 Co-authored-by: Beth <ejparker@actcur.com> Co-committed-by: Beth <ejparker@actcur.com>	2025-03-30 00:04:59 -05:00