files/certbot-renewal.sh

@@ -1,14 +1,16 @@
 #! /bin/bash
 dom=`date +%d`
 today=`date +%Y%m%d`
+log=/var/log/certbot-renewal.log
+echo Renewal attempt for $today >> $log
 for f in `ls /etc/letsencrypt/live/ --ignore "README"`
 do
-    echo Checking $f
+    echo Checking $f >> $log
     #check if cert has already expired or will expire within the next two days and renew if applicable
     expires=`echo `openssl x509 -enddate -noout -in /etc/letsencrypt/live/$f/cert.pem` " - 2 day" | grep -Po "(?<=notAfter=).*" | date +%Y%m%d -f -`
     if [[ $today > $expires ]]
     then
-        echo Certificate for $f is expired, renewing
+        echo Certificate for $f is expired, renewing >> $log
         certbot renew --cert-name $f --dry-run >> /var/log/certbot-renewal.log
     fi
     #convert hostname into day of month between 0 and 28 to renew on specific day of month (reduce chance of running out of cert renewals)
@@ -19,8 +21,8 @@ do
         rdate=$(((${num#-}+$d)%28+1))
         if [[ $dom -eq $rdate ]]
         then
-            echo Date falls within renewal window for $f, attempting renewal
-            certbot renew --cert-name $f --dry-run >> /var/log/certbot-renewal.log
+            echo Date falls within renewal window for $f, attempting renewal >> $log
+            certbot renew --cert-name $f --dry-run >> $log
             break
         fi
     done