Heavily change how unifi script works

gen-unifi-cert.sh

@@ -5,55 +5,84 @@
 # Last Changed: 2/27/2016
 # 02/02/2016: Fixed some errors with key export/import, removed lame docker requirements
 # 02/27/2016: More verbose progress report
+# 03/08/2016: Add renew option, reformat code, command line options
 
 PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
 
-# The main domain name of your controller
+while getopts "rd:e:" opt; do
-DOMAIN="unifi.xxxx.xxxxx"
+    case $opt in
-
+    r) renew="yes";;
-# Your e-mail address for notifications of certificate issues
+    d) domains+=("$OPTARG");;
-EMAIL="email@here"
+    e) email=("$OPTARG");;
+    esac
+done
 
 # Identrust cross-signed CA cert needed by the java keystore for import.
 # Can get original here: https://www.identrust.com/certificates/trustid/root-download-x3.html
 EXTRACERT="/root/DSTROOTCAX3.txt"
 
-TEMPFILE=$(mktemp)
+NEWCERT="--renew-by-default certonly"
+RENEWCERT="-n renew"
+
+if [[ ! -z ${email} ]]; then
+	email="--email ${email}"
+else
+	email=""
+fi
+
+shift $((OPTIND -1))
+for val in "${domains[@]}"; do
+        DOMAINS="${DOMAINS} -d ${val} "
+done
+
+
+if ( $renew == "yes" ) {
+	LEOPTIONS=${RENEWCERT}
+else
+	LEOPTIONS="${email} ${DOMAINS} ${NEWCERT}"
+fi
 
-echo "Stopping Unifi controller..."
-service unifi stop
 echo "Firing up standalone authenticator on TCP port 443 and requesting cert..."
 /usr/src/letsencrypt/letsencrypt-auto \
-	--email ${EMAIL} \
 	--server https://acme-v01.api.letsencrypt.org/directory \
     --agree-tos \
-        --renew-by-default \
-        -d ${DOMAIN} \
 	--standalone --standalone-supported-challenges tls-sni-01 \
-         certonly
+    ${LEOPTIONS}
-echo "Using openssl to prepare certificate..."
+    
-openssl pkcs12 -export  -passout pass:aircontrolenterprise \
+
+if `md5sum -c /etc/letsencrypt/live/${DOMAIN}/cert.pem.md5 %>/dev/null`; then
+	echo "Cert has not changed, not updating controller."
+	exit 0
+else
+	TEMPFILE=$(mktemp)
+	echo "Cert has changed, updating controller..."
+	md5sum /etc/letsencrypt/live/${DOMAIN}/cert.pem > /etc/letsencrypt/live/${DOMAIN}/cert.pem.md5 
+	echo "Using openssl to prepare certificate..."
+	openssl pkcs12 -export  -passout pass:aircontrolenterprise \
     	-in /etc/letsencrypt/live/${DOMAIN}/cert.pem \
     	-inkey /etc/letsencrypt/live/${DOMAIN}/privkey.pem \
     	-out ${TEMPFILE} -name unifi \
     	-CAfile /etc/letsencrypt/live/${DOMAIN}/chain.pem -caname root
-echo "Removing existing certificate from Unifi protected keystore..."
+	echo "Stopping Unifi controller..."
-keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
+	service unifi stop
+	echo "Removing existing certificate from Unifi protected keystore..."
+	keytool -delete -alias unifi -keystore /usr/lib/unifi/data/keystore \
 		-deststorepass aircontrolenterprise
-echo "Inserting certificate into Unifi keystore..."
+	echo "Inserting certificate into Unifi keystore..."
-keytool -trustcacerts -importkeystore \
+	keytool -trustcacerts -importkeystore \
     	-deststorepass aircontrolenterprise \
     	-destkeypass aircontrolenterprise \
     	-destkeystore /usr/lib/unifi/data/keystore \
     	-srckeystore ${TEMPFILE} -srcstoretype PKCS12 \
     	-srcstorepass aircontrolenterprise \
     	-alias unifi
-rm -f ${TEMPFILE}
+	rm -f ${TEMPFILE}
-echo "Importing cert into Unifi database..."
+	echo "Importing cert into Unifi database..."
-java -jar /usr/lib/unifi/lib/ace.jar import_cert \
+	java -jar /usr/lib/unifi/lib/ace.jar import_cert \
     	/etc/letsencrypt/live/${DOMAIN}/cert.pem \
     	/etc/letsencrypt/live/${DOMAIN}/chain.pem \
     	${EXTRACERT}
-echo "Starting Unifi controller..."
+	echo "Starting Unifi controller..."
-service unifi start
+	service unifi start
-echo "Done!"
+	echo "Done!"
+fi