Run this from cron on the schedule 30 */13:
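#!/bin/bash
# Renew the getssl certificate for mydomain.tld on one day of an 89-day cycle.
# Port 80 is forwarded from the router to the webserver only while getssl
# runs. The forwarding rules are removed again on every exit path, so a failed
# or interrupted run does not leave plain HTTP reachable from outside.
# NOTE(review): the ssh calls assume non-interactive (key-based) root login to
# the router; consider limiting what that key may run on the router - confirm.
# NOTE(review): if cron starts this more than once on the matching day, the
# renewal branch runs each time - confirm against the crontab entry.

# Keep the caller's stdout/stderr on fds 3/4, then send all output to the log.
exec 3>&1 4>&2
exec 1>>/var/log/upd-gtssl.log 2>&1
echo "$(date) : Script - start" >&3 # This still shows on console

# 1 while the temporary port 80 rules may be present on the router.
port80_rules=0

# Remove the temporary port 80 rules from the router.
# Does nothing unless port80_rules is 1, so it is safe to call twice.
# Returns 0 when both rules were deleted (or nothing had to be done), else 1.
close_port80() {
  [ "$port80_rules" = 1 ] || return 0
  port80_rules=0
  # Single quotes: $(nvram get wan_ipaddr) and $rc are expanded on the router.
  # Both deletes are attempted even when the first fails, so a missing NAT
  # rule cannot leave the FORWARD accept rule behind.
  if ! ssh -x root@router -q 'rc=0; iptables -t nat -D PREROUTING -d $(nvram get wan_ipaddr) -p tcp --dport 80 -j DNAT --to-destination webserver:80 || rc=1; iptables -D FORWARD -p tcp -d webserver --dport 80 -j ACCEPT || rc=1; exit $rc'; then
    # Report to the log and to the console/cron output (fd 3).
    echo "$(date) - WARNING: could not confirm removal of the port 80 rules on the router."
    echo "$(date) - WARNING: could not confirm removal of the port 80 rules on the router." >&3
    return 1
  fi
}

# On exit: close the port if it may still be open, then restore stdout/stderr.
trap 'close_port80; exec 2>&4 1>&3' 0
# HUP/INT/QUIT/TERM end the script through the exit trap above instead of
# letting it carry on (or die) with the port still forwarded.
trap 'exit 1' 1 2 3 15
# Kept from the original trap list; RETURN only fires if this file is sourced.
trap 'exec 2>&4 1>&3' RETURN

# Run the renewal once per 89-day cycle, counted from the day the cert was
# last renewed (in my case that is day 59 of the cycle).
# $(date +%s)/24/60/60 is the number of whole days since the epoch.
if test $(( $(date +%s)/24/60/60%89 )) = 59; then
  echo "$(date) - renew cert."
  # Open port 80 in the firewall so getssl can be confirmed. The flag is set
  # first so that a half-applied rule pair is still cleaned up.
  port80_rules=1
  if ! ssh -x root@router -q 'iptables -t nat -I PREROUTING -d $(nvram get wan_ipaddr) -p tcp --dport 80 -j DNAT --to-destination webserver:80 && iptables -I FORWARD -p tcp -d webserver --dport 80 -j ACCEPT'; then
    echo "$(date) - could not open port 80 on the router, not renewing."
    exit 1
  fi
  # Renew the cert.
  cd /usr/local/etc/getssl/ || {
    echo "$(date) - cannot cd to /usr/local/etc/getssl/, not renewing."
    exit 1
  }
  /usr/local/etc/getssl/getssl mydomain.tld || echo "$(date) - getssl exited with an error."
  sleep 10
  # Close port 80 in the firewall, we don't run plain http.
  close_port80
else
  echo "$(date) - Cert still good."
fi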