#!/bin/bash
# Script: /usr/local/bin/renew-mail-certs.sh
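# Set up logging
# Every run appends to this file; log() also echoes each line to stdout.
readonly LOG_FILE="/var/log/letsencrypt/renewal.log"

# Start time of this run, in the same format log() uses for its prefix.
TIMESTAMP=$(date '+%Y-%m-%d %H:%M:%S')

# Ensure log directory exists. A failure here is reported on stderr but does
# not abort: the renewal itself is more important than the log file, and log()
# still echoes to stdout (picked up by cron / the journal) when the append fails.
log_dir=$(dirname "$LOG_FILE")
if ! mkdir -p "$log_dir"; then
  printf 'WARNING: cannot create log directory %s; file logging will fail\n' "$log_dir" >&2
fi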
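#######################################
# Write one timestamped line to the log file and echo the bare message to stdout.
# The timestamp is taken at call time so entries from a long renewal run carry
# the moment they were written rather than the script's start time.
# Globals:   LOG_FILE (read)
# Arguments: $* - message text (joined with single spaces)
# Outputs:   "<timestamp> - <message>" appended to LOG_FILE; "<message>" on stdout
# Returns:   status of the stdout write (0 in practice)
#######################################
log() {
  local message=$*
  local stamp
  stamp=$(date '+%Y-%m-%d %H:%M:%S')
  # printf rather than echo: a message such as "-n" or "-e" is printed verbatim.
  printf '%s - %s\n' "$stamp" "$message" >> "$LOG_FILE"
  printf '%s\n' "$message"
}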
#######################################
# Report whether a systemd unit is currently active.
# Arguments: $1 - unit name (e.g. postfix)
# Returns:   0 when `systemctl is-active` reports the unit active, 1 otherwise
#            (including when systemctl itself is unavailable)
#######################################
check_service() {
  local unit=$1
  # Normalise systemctl's various non-zero states to a plain 1.
  systemctl is-active --quiet "$unit" || return 1
  return 0
}
#######################################
# Restart a systemd unit and confirm it came back up, logging each step.
# Globals:   none directly (log / check_service read LOG_FILE)
# Arguments: $1 - unit name (e.g. postfix, dovecot)
# Outputs:   progress and error lines via log()
# Returns:   0 when the unit is active after the restart; 1 when the restart
#            command fails or the unit is not active afterwards
#######################################
restart_service() {
  local unit=$1

  log "Attempting to restart $unit..."

  # A unit that was already down is worth noting, but not a reason to stop.
  check_service "$unit" || log "WARNING: $unit was not running before restart attempt"

  if ! systemctl restart "$unit"; then
    log "ERROR: Failed to restart $unit"
    return 1
  fi

  # systemctl restart can return 0 while the unit then fails on startup,
  # so verify the resulting state rather than trusting the command's status.
  if ! check_service "$unit"; then
    log "ERROR: $unit failed to start after restart"
    return 1
  fi

  log "$unit restarted successfully"
  return 0
}
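# Main execution
log "Starting certificate renewal process"

# Credentials for the RFC2136 (BIND9) DNS challenge. certbot cannot run the
# challenge without this file, so fail early with a clear log line instead of
# letting certbot's own error be the only trace. The file holds the TSIG secret
# used for DNS updates and should be readable by root only.
readonly CREDENTIALS_FILE="/etc/letsencrypt/dns-rfc2136.ini"
if [[ ! -f "$CREDENTIALS_FILE" ]]; then
  log "ERROR: RFC2136 credentials file not found: $CREDENTIALS_FILE"
  exit 1
fi

# Becomes 1 when any post-renewal restart fails, so the script's exit status
# tells cron/systemd that a mail service may still be serving the old cert.
restart_failed=0

# Attempt to renew certificates using RFC2136 (BIND9) DNS challenge
# NOTE(review): --force-renewal renews on every run regardless of expiry; on a
# frequent schedule this can exhaust Let's Encrypt's duplicate-certificate rate
# limit. Plain `certbot renew` only renews when due, and the restarts below
# could then move into a --deploy-hook so they run only when a cert changed.
if CERTBOT_LOG_LEVEL=debug certbot renew --force-renewal --preferred-challenges dns --authenticator dns-rfc2136 --dns-rfc2136-credentials "$CREDENTIALS_FILE" -v; then
  log "Certificates were renewed successfully. Restarting services..."

  # Restart Postfix
  if ! restart_service postfix; then
    log "CRITICAL: Postfix restart failed"
    restart_failed=1
  fi

  # Restart Dovecot (attempted even if Postfix failed, so one broken unit does
  # not leave the other on a stale certificate)
  if ! restart_service dovecot; then
    log "CRITICAL: Dovecot restart failed"
    restart_failed=1
  fi

  log "Service restart completed"
else
  log "ERROR: Certificate renewal failed"
  exit 1
fi

log "Certificate renewal process completed"
# Non-zero exit when a restart failed; renewal itself succeeded at this point.
exit "$restart_failed"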