letsencrypt-tools/bin/letsencrypt-del.sh

83 lines
1.9 KiB
Bash
Raw Normal View History

2021-03-27 16:15:03 -07:00
#!/bin/bash
2021-04-14 11:17:00 -07:00
# must be root
if [ "$USER" != "root" ]; then
exec sudo -u root $0 $@
2021-04-14 11:17:00 -07:00
fi
2021-03-27 16:15:03 -07:00
help()
{
thisfilename=$(basename -- "$0")
echo "Delete an existing Let's Encrypt certificate."
echo ""
echo "Usage: $thisfilename cert-name(domain) [OPTIONS]"
echo ""
2022-06-15 12:32:45 -07:00
echo " -h Print this help."
echo " -d <domain> Domain (hostname) of the certificate to delete."
echo " -r Revoke cert from Let's Encrypt before deleting files."
2021-03-27 16:15:03 -07:00
exit
}
2022-06-15 12:32:45 -07:00
# set options
while getopts "hd:r" opt; do
2021-03-27 16:15:03 -07:00
case "${opt}" in
h )
help
exit;;
2022-06-15 12:32:45 -07:00
d ) # domain name (hostname) to create cert for
domain=${OPTARG,,}
# basic but good enough domain name regex validation
if [[ ! $domain =~ ^(([a-zA-Z](-?[a-zA-Z0-9])*)\.)+[a-zA-Z]{2,}$ ]] ; then
echo "ERROR: Invalid domain name: $1"
exit 1
fi
;;
r ) # revoke
2021-03-27 16:15:03 -07:00
revoke=true
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
exit;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
exit;;
esac
done
2022-06-15 12:32:45 -07:00
# check for domain (hostname)
if [[ -z $domain ]]; then
echo "domain (hostname) is required"
exit
fi
2021-03-27 16:15:03 -07:00
# start by checking if the renewal config exits
if test -f "/etc/letsencrypt/renewal/$domain.conf"; then
if [[ "$revoke" = "true" ]]; then
certbot revoke --cert-path /etc/letsencrypt/live/$domain/fullchain.pem
fi
if test -f "/etc/letsencrypt/renewal/$domain.conf"; then
rm "/etc/letsencrypt/renewal/$domain.conf"
fi
if test -d "/etc/letsencrypt/live/$domain"; then
rm -r "/etc/letsencrypt/live/$domain"
fi
if test -d "/etc/letsencrypt/archive/$domain"; then
rm -r "/etc/letsencrypt/archive/$domain"
fi
if test -f "/etc/ssl/letsencrypt/$domain.pem"; then
rm "/etc/ssl/letsencrypt/$domain.pem";
fi
if test -h "/etc/ssl/letsencrypt/mail.$domain.pem"; then
rm "/etc/ssl/letsencrypt/mail.$domain.pem";
fi
else
echo "Did not find cert for $domain."
fi