diff --git a/bin/letsencrypt-get.sh b/bin/letsencrypt-get.sh
new file mode 100755
index 0000000..0da88e8
--- /dev/null
+++ b/bin/letsencrypt-get.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+#
+# letsencrypt-tools
+# https://git.stack-source.com/msb/letsencrypt-tools
+# Copyright (c) 2022 Matthew Saunders Brown
+# GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt)
+#
+# must be root
+if [ "$USER" != "root" ]; then
+ exec sudo -u root $0 $@
+fi
+
+help()
+{
+ thisfilename=$(basename -- "$0")
+ echo "$thisfilename"
+ echo "Get Let's Encrypt certificate info."
+ echo ""
+ echo "Usage: $thisfilename [-d ] [-c] [-h]"
+ echo ""
+ echo " -h Print this help."
+ echo " -d Domain (hostname) to get certificate info for."
+ echo " -c CVS - Output in cvs format, instead of tabbed table."
+ exit
+}
+
+# set options
+while getopts "hd:c" opt; do
+ case "${opt}" in
+ h )
+ help
+ exit;;
+ d ) # domain name (hostname) to get cert for
+ domain=${OPTARG,,}
+ ;;
+ c ) # cvs - output in cvs format
+ cvs=true
+ ;;
+ \? )
+ echo "Invalid option: $OPTARG" 1>&2
+ exit;;
+ : )
+ echo "Invalid option: $OPTARG requires an argument" 1>&2
+ exit;;
+ esac
+done
+
+# create newline var
+NL=$'\n'
+
+if [[ -n $domain ]]; then
+ if [[ -f /etc/ssl/letsencrypt/$domain.pem ]]; then
+ certificateArray=($domain.pem)
+ else
+ echo "ERROR: Certificate for $domain not found"
+ exit 1
+ fi
+else
+ if [[ -d /etc/ssl/letsencrypt/ ]]; then
+ certificateArray=(`ls -1 /etc/ssl/letsencrypt/`)
+ else
+ echo "ERROR: Certificate directory /etc/ssl/letsencrypt/ does not exist"
+ exit 1
+ fi
+fi
+
+# certificate common start end alternative
+output="certificate,common,start,end,alternative"
+
+for certificate in "${certificateArray[@]}"
+do
+ common=$(openssl x509 -noout -text -in /etc/ssl/letsencrypt/$certificate |grep "Subject: CN ="|cut -d = -f 2|xargs)
+ start=$(openssl x509 -noout -text -in /etc/ssl/letsencrypt/$certificate |grep "Not Before:"|cut -d : -f 2-|xargs)
+ end=$(openssl x509 -noout -text -in /etc/ssl/letsencrypt/$certificate |grep "Not After"|cut -d : -f 2-|xargs)
+ alternative=$(openssl x509 -noout -text -in /etc/ssl/letsencrypt/$certificate |grep "DNS:"|sed 's|DNS:||g'|sed 's|,||g'|xargs)
+ output="$output${NL}$certificate,$common,$start,$end,$alternative"
+done
+if [[ $output != "certificate,common,start,end,alternative" ]]; then
+ if [[ $cvs ]]; then
+ echo "$output"
+ else
+ echo "$output" | column -t -s ,
+ fi
+fi
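Review bot: The `-d` value is only lower-cased before it is placed into `/etc/ssl/letsencrypt/$domain.pem` and then into the unquoted `openssl x509 -in` path, and the script re-executes itself as root, so a value containing `/` or `..` makes root test for and parse a `.pem` file outside the certificate directory. Whether that is reachable by unprivileged users depends on the sudoers policy, which is not visible here, but the check is cheap: right after option parsing add `[[ -z $domain || $domain =~ ^[a-z0-9.-]+$ ]] || { echo "ERROR: invalid domain" >&2; exit 1; }` and quote the path as `"/etc/ssl/letsencrypt/$certificate"` in all four openssl calls. The re-exec line has the same quoting gap; `exec sudo -u root "$0" "$@"` keeps arguments intact, and testing `[ "$(id -u)" -ne 0 ]` avoids relying on the caller-controlled `$USER` variable. The invalid-option branches also end with a bare `exit`, which returns status 0 to the caller; `exit 1` would let wrappers detect the failure.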