#!/bin/bash
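# Must be root: the rest of the script removes files under /etc.
# The check uses the effective UID instead of $USER, because $USER is an
# ordinary environment variable that the caller can set, change or clear.
if [ "$(id -u)" -ne 0 ]; then
  # "$0" and "$@" are quoted so the script path and every argument reach the
  # re-executed copy unchanged (no word splitting, no glob expansion).
  exec sudo -u root -- "$0" "$@"
fi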
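#######################################
# Print the usage text and terminate the script.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   does not return; exits with the status of the last print
#######################################
help()
{
  local thisfilename
  thisfilename=$(basename -- "$0")
  # The usage line names -d because the domain is read from that option only;
  # a bare positional cert name is not picked up by the option parser.
  printf '%s\n' \
    "Delete an existing Let's Encrypt certificate." \
    "" \
    "Usage: $thisfilename -d <domain> [-r]" \
    "" \
    " -h Print this help." \
    " -d <domain> Domain (hostname) of the certificate to delete." \
    " -r Revoke cert from Let's Encrypt before deleting files."
  exit
}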
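# set options
# Start from known-empty values: without this, a `domain` or `revoke` variable
# inherited from the caller's environment would be used as-is when the
# matching option is not given, skipping the validation in the -d arm.
domain=""
revoke=""
# The leading ':' puts getopts in silent mode. Only in that mode is the ':'
# arm reached for a missing argument, and OPTARG set to the offending option
# letter in both error arms.
while getopts ":hd:r" opt; do
  case "${opt}" in
    h )
      help
      exit;;
    d ) # domain name (hostname) of the cert to delete
      domain=${OPTARG,,}
      # Basic but good enough domain name regex validation. It also keeps
      # '/' and '..' out of the value, which is later placed inside paths
      # handed to rm; do not loosen it without adding another path check.
      if [[ ! $domain =~ ^(([a-zA-Z](-?[a-zA-Z0-9])*)\.)+[a-zA-Z]{2,}$ ]] ; then
        # Report the rejected value itself ($1 would just be the first
        # command-line word, e.g. "-d").
        echo "ERROR: Invalid domain name: $OPTARG" 1>&2
        exit 1
      fi
      ;;
    r ) # revoke
      revoke=true
      ;;
    \? )
      echo "Invalid option: -$OPTARG" 1>&2
      exit 1;;
    : )
      echo "Invalid option: -$OPTARG requires an argument" 1>&2
      exit 1;;
  esac
done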
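# check for domain (hostname)
# Every path handled further down is built from $domain, so refuse to continue
# without one. The message goes to stderr and the exit status is non-zero so
# that a calling script can tell the request was rejected.
if [[ -z "${domain:-}" ]]; then
  echo "domain (hostname) is required" 1>&2
  exit 1
fi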
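# Never build a path from an empty value: the directories below hold the
# material of other certificates as well. ':?' aborts the script if $domain
# is unset or empty.
: "${domain:?domain must be set before certificate files are removed}"

# start by checking if the renewal config exists
if [[ -f "/etc/letsencrypt/renewal/$domain.conf" ]]; then

  if [[ "${revoke:-}" == "true" ]]; then
    # Stop when revocation fails. Continuing would delete the certificate
    # files from these directories while the certificate itself stays valid,
    # leaving nothing here to retry the revocation with.
    if ! certbot revoke --cert-path "/etc/letsencrypt/live/$domain/fullchain.pem"; then
      echo "ERROR: certbot revoke failed for $domain; nothing was deleted by this script." 1>&2
      exit 1
    fi
  fi

  # Each path is tested again right before removal because the revoke step
  # above may already have removed some of them (NOTE(review): certbot can
  # delete the lineage after revoking - confirm for the installed version).
  if [[ -f "/etc/letsencrypt/renewal/$domain.conf" ]]; then
    rm -- "/etc/letsencrypt/renewal/$domain.conf"
  fi

  if [[ -d "/etc/letsencrypt/live/$domain" ]]; then
    rm -r -- "/etc/letsencrypt/live/$domain"
  fi

  if [[ -d "/etc/letsencrypt/archive/$domain" ]]; then
    rm -r -- "/etc/letsencrypt/archive/$domain"
  fi

  if [[ -f "/etc/ssl/letsencrypt/$domain.pem" ]]; then
    rm -- "/etc/ssl/letsencrypt/$domain.pem"
  fi

  # The mail.<domain> entry is only removed when it is a symbolic link.
  if [[ -h "/etc/ssl/letsencrypt/mail.$domain.pem" ]]; then
    rm -- "/etc/ssl/letsencrypt/mail.$domain.pem"
  fi

else
  echo "Did not find cert for $domain."
fi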