#!/bin/bash
# Author: royoy
# Desc: check the valid time of your domainName cer
# Eg: bash apply_ssl_cer.sh /etc/nginx/ssl/xxxx.com.crt
openssl_bin="$(which openssl)"
current_time="$(/usr/bin/date "+%Y %m %d %H %M %S")"
cer_crt="${1:?请输入crt证书路径}"
update_before_days="7"
cer_exp_time_eng="$($openssl_bin x509 -noout -dates -in $cer_crt | awk -F"[=GMT]" '/notAfter/{print $2}')"
cer_exp_time_common="$(date "+%Y %m %d %H %M %S" -d "$cer_exp_time_eng")"
valid_time="$(awk 'BEGIN{exp_time=mktime("'"$cer_exp_time_common"'");cur_time=mktime("'"$current_time"'");days=(exp_time-cur_time)/86400;print days}')"
if [ $(echo "$valid_time <= $update_before_days" | bc) -eq 1 ];then
/etc/init.d/nginx stop
"/root/.acme.sh"/acme.sh --cron --home "/root/.acme.sh" --force &> /root/renew_ssl.log
/etc/init.d/nginx start
else
echo "当前证书[$cer_crt]有效天数: $valid_time 无需更新"
fi