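#!/bin/bash
#############################################################
# Script name: renew-cert.sh
# Author: Gilles Mouchet (gilles.mouchet@gmail.com)
# Version: 1.0.0
# Description: Renews certificates that are about to expire
# License: GNU GPL v3
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Changelog
# [1.0.0] - 2026-04-05
# Added:
# - resign cert
# Project initialization:
# - initialization by gilles.mouchet@gmail.com
#
############################################################
version=1.0.0

############################################################
# FUNCTIONS
############################################################

#-----------------------------------------------------------
# Display usage
# Outputs: writes the help text to stdout
# The option list mirrors the case arms in main(); keep the two in sync.
usage() {
  cat << EOF
Usage: ./$(basename "$0") options

Renews certificates that are about to expire

Options:
  -c, --ca-name NAME       CA used for signing. NAME.crt and NAME.key must
                           exist in the configured CA directories.
                           Give this option before -d
  -d, --expire-date DAYS   Re-sign the certificates selected for DAYS
                           (integer from 1 to the configured validity)
  -h, --help               Show this help
  -v, --version            Show script version

Examples:
  Show this help
    ./$(basename "$0") -h
  Re-sign certificates with a given CA
    ./$(basename "$0") -c <ca-name> -d <days>
EOF
}

############################################################
# MAIN
############################################################

#-----------------------------------------------------------
# Parse the command line and re-sign the selected certificates.
# Globals:
#   SCRIPT_DIR, ROOT_DIR, CA_CRT, CA_KEY, COMMON_NAME, rc (written)
#   DAYS, CRT_CA_PATH, KEY_CA_PATH, CERTS_PATH, KEY_CA_PASS, expireDate,
#   RED, ORANGE, NC (read; presumably set by lib/stdlib.sh - confirm there)
# Arguments: the script's command line
# Returns:   exits 1 on a usage or validation error
main(){
  SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
  ROOT_DIR="$(dirname "$SCRIPT_DIR")"

  # read library
  # NOTE(review): check_sudo below suggests this script runs with elevated
  # privileges, so the sourced file executes with them too; keep
  # lib/stdlib.sh writable by root only.
  if [[ ! -r "$ROOT_DIR/lib/stdlib.sh" ]]; then
    echo "Error: cannot read $ROOT_DIR/lib/stdlib.sh" >&2
    exit 1
  fi
  source "$ROOT_DIR/lib/stdlib.sh"

  # init config
  init_default
  init_env
  init_cred

  # set color
  set_color

  # check if script is run with sudo
  check_sudo

  # check if param exist
  if [ -z "$1" ]; then
    usage
    exit 1
  fi

  # read cli parameters
  # Options are acted on in the order given: -d signs immediately with
  # whatever CA_CRT/CA_KEY hold at that point.
  while [[ "$#" -gt 0 ]]; do
    case "$1" in
      -c|--ca-name)
        if [[ -z "$2" || "$2" == -* ]]; then
          msg_error "\nError: Argument missing for option -c or --ca-name.\n"
          usage
          exit 1
        else
          CA_CRT=$2.crt
          CA_KEY=$2.key
        fi
        shift 2
        ;;
      -d|--expire-date)
        if [[ -z "$2" || "$2" == -* ]]; then
          echo -e "\n${RED}Error: Argument missing for option -d or --expire-date. See ./$(basename "$0") --help${NC}\n"
          exit 1
        elif [[ "$2" =~ ^[0-9]+$ ]] && [ "$2" -ge 1 ] && [ "$2" -le "$DAYS" ]; then
          if [[ ! -f "$CRT_CA_PATH/$CA_CRT" || ! -f "$KEY_CA_PATH/$CA_KEY" ]]; then
            msg_error "One or both of the following files are missing:"
            msg_warn " - $CRT_CA_PATH/$CA_CRT"
            msg_warn " - $KEY_CA_PATH/$CA_KEY"
            exit 1
          fi
          expired_date "$2"
          for certData in "${expireDate[@]}"; do
            # Field 2 of the "|"-separated record is the commonName. The
            # record is quoted so a wildcard CN is never glob-expanded.
            COMMON_NAME=$(printf '%s\n' "$certData" | cut -d"|" -f2)
            # The commonName becomes part of the CSR, extfile and output
            # paths, so an empty value or one containing "/" must not be
            # allowed to point outside CERTS_PATH.
            if [[ -z "$COMMON_NAME" || "$COMMON_NAME" == */* ]]; then
              msg_warn "Skipping entry with unusable commonName: '$COMMON_NAME'"
              continue
            fi
            echo -e "Signing the certificate with the CA..."
            # The CA key passphrase is handed to openssl through its
            # environment (-passin env:), not as "pass:..." on the command
            # line, where any local user could read it from the process
            # list while openssl runs.
            # openssl's own output is discarded; only its exit status is
            # reported, through check_rc.
            KEY_CA_PASS="$KEY_CA_PASS" openssl x509 -req \
              -in "${CERTS_PATH}/${COMMON_NAME}.csr" \
              -CA "$CRT_CA_PATH/$CA_CRT" \
              -CAkey "$KEY_CA_PATH/$CA_KEY" \
              -CAcreateserial \
              -out "${CERTS_PATH}/${COMMON_NAME}.crt" \
              -days "$DAYS" \
              -extensions req_ext \
              -extfile "$CERTS_PATH/${COMMON_NAME}_openssl.cnf" \
              -passin env:KEY_CA_PASS > /dev/null 2>&1
            rc=$?
            echo -n -e "Result of signing the ${ORANGE}$COMMON_NAME${NC} certificate: "
            check_rc "$rc"
            echo -e ""
          done
        else
          # An out-of-range or non-numeric value used to be ignored
          # silently, which looked like a successful run that renewed
          # nothing.
          msg_error "\nError: Invalid value '$2' for option -d or --expire-date: expected an integer between 1 and $DAYS.\n"
          exit 1
        fi
        shift 2
        ;;
      -v|--version)
        cat << EOF
$(basename "$0") $version
Copyright (C) 2003 - $(date +%Y) Gilles Mouchet
EOF
        exit 0
        ;;
      -h|--help)
        usage
        exit 0
        ;;
      *)
        # Unknown options fail with a non-zero status so a wrapper or cron
        # job does not mistake a typo for a completed renewal.
        msg_error "\nError: Unknown option: $1\n"
        usage
        exit 1
        ;;
    esac
  done
}

main "$@"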