letsencrypt-tools/bin/letsencrypt-del.sh
2022-04-20 12:08:00 -07:00

86 lines
1.8 KiB
Bash

#!/bin/bash
# must be root
if [ "$USER" != "root" ]; then
exec sudo -u root $0 $@
fi
help()
{
thisfilename=$(basename -- "$0")
echo "Delete an existing Let's Encrypt certificate."
echo ""
echo "Usage: $thisfilename cert-name(domain) [OPTIONS]"
echo ""
echo " -h Print this help."
echo " -r Revoke cert from Let's Encrypt before deleting files."
exit
}
# check for and set domain
if [ -n "$1" ]; then
if [ $1 == "-h" ]; then
help
else
domain=$1
shift
# basic but good enough domain name regex validation
if [[ ! $domain =~ ^(([a-zA-Z](-?[a-zA-Z0-9])*)\.)+[a-zA-Z]{2,}$ ]] ; then
echo "ERROR: Invalid domain name: $1"
exit 1
fi
fi
else
help
fi
# set any options that were passed
while getopts "hr" opt; do
case "${opt}" in
h )
help
exit;;
r )
revoke=true
;;
\? )
echo "Invalid option: $OPTARG" 1>&2
exit;;
: )
echo "Invalid option: $OPTARG requires an argument" 1>&2
exit;;
esac
done
# start by checking if the renewal config exits
if test -f "/etc/letsencrypt/renewal/$domain.conf"; then
if [[ "$revoke" = "true" ]]; then
certbot revoke --cert-path /etc/letsencrypt/live/$domain/fullchain.pem
fi
if test -f "/etc/letsencrypt/renewal/$domain.conf"; then
rm "/etc/letsencrypt/renewal/$domain.conf"
fi
if test -d "/etc/letsencrypt/live/$domain"; then
rm -r "/etc/letsencrypt/live/$domain"
fi
if test -d "/etc/letsencrypt/archive/$domain"; then
rm -r "/etc/letsencrypt/archive/$domain"
fi
if test -f "/etc/ssl/letsencrypt/$domain.pem"; then
rm "/etc/ssl/letsencrypt/$domain.pem";
fi
if test -h "/etc/ssl/letsencrypt/mail.$domain.pem"; then
rm "/etc/ssl/letsencrypt/mail.$domain.pem";
fi
else
echo "Did not find cert for $domain."
fi