From 82a560aa0745e3dacdfc77fe34aeaff1285552c3 Mon Sep 17 00:00:00 2001
From: kris
Date: Wed, 11 Feb 2026 16:24:09 +0000
Subject: [PATCH] Add le_notif.sh
---
 le_notif.sh | 273 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 273 insertions(+)
 create mode 100644 le_notif.sh
diff --git a/le_notif.sh b/le_notif.sh
new file mode 100644
index 0000000..72d5427
--- /dev/null
+++ b/le_notif.sh
@@ -0,0 +1,273 @@ +#!/bin/bash + +# Configuration +PASSIVE_SERVER="passive.example.com" +PASSIVE_USER="certbot" +REMOTE_LETSENCRYPT_DIR="/etc/letsencrypt" +LOCAL_LETSENCRYPT_DIR="/etc/letsencrypt" +WEB_SERVER="nginx" +HOSTNAME=$(hostname) + +# Email Configuration +EMAIL_ENABLED=false +EMAIL_TO="admin@example.com" # Comma Separate for multiple accounts +EMAIL_FROM="certbot@$(hostname -f)" + +# Slack Configuration +SLACK_ENABLED=true +SLACK_WEBHOOK_URL="https://hooks.slack.com/services/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" + +# Teams Configuration +TEAMS_ENABLED=false +TEAMS_WEBHOOK_URL="" + +# Log function +log() { + echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a /var/log/letsencrypt/sync.log +} + +# Send email notification +send_email_notification() { + local status=$1 + local message=$2 + local details=$3 + + if [ "$EMAIL_ENABLED" != "true" ]; then + return + fi + + local subject="[${status}] Let's Encrypt Certificate Sync - ${HOSTNAME}" + + local email_body=$(cat < /dev/null + + if [ $? -eq 0 ]; then + log "Slack notification sent" + else + log "WARNING: Failed to send Slack notification" + fi +} + +# Send notification to Teams +send_teams_notification() { + local status=$1 + local message=$2 + local color=$3 + + if [ "$TEAMS_ENABLED" != "true" ] || [ -z "$TEAMS_WEBHOOK_URL" ]; then + return + fi + + local payload=$(cat < /dev/null + + if [ $? -eq 0 ]; then + log "Teams notification sent" + else + log "WARNING: Failed to send Teams notification" + fi +} + +# Unified notification function - sends to all enabled channels +send_notification() { + local status=$1 + local message=$2 + local color=$3 + local details=$4 + + # Send to email + send_email_notification "$status" "$message" "$details" + + # Send to Slack + send_slack_notification "$status" "$message" "$color" + + # Send to Teams + send_teams_notification "$status" "$message" "$color" +} + +log "Starting certificate sync to passive server..." 
+
+# Sync certificates using rsync over SSH with sudo on remote side
+RSYNC_OUTPUT=$(rsync -azv --delete \
+ --rsync-path="sudo rsync" \
+ -e "ssh -o StrictHostKeyChecking=no" \
+ "${LOCAL_LETSENCRYPT_DIR}/" \
+ "${PASSIVE_USER}@${PASSIVE_SERVER}:${REMOTE_LETSENCRYPT_DIR}/" 2>&1)
+
+RSYNC_EXIT_CODE=$?
+
+if [ $RSYNC_EXIT_CODE -eq 0 ]; then
+ log "Certificate sync successful"
+
+ # Reload web server on passive server using sudo
+ log "Reloading ${WEB_SERVER} on passive server..."
+ RELOAD_OUTPUT=$(ssh -o StrictHostKeyChecking=no "${PASSIVE_USER}@${PASSIVE_SERVER}" \
+ "sudo systemctl reload ${WEB_SERVER}" 2>&1)
+
+ RELOAD_EXIT_CODE=$?
+
+ if [ $RELOAD_EXIT_CODE -eq 0 ]; then
+ log "Web server reload successful"
+
+ # Count synced files
+ SYNCED_FILES=$(echo "$RSYNC_OUTPUT" | grep -v "^$" | wc -l)
+
+ send_notification "SUCCESS" \
+ "Certificates synced successfully and ${WEB_SERVER} reloaded on passive server." \
+ "good" \
+ "Files Synced: ${SYNCED_FILES}
+
+Sync Output:
+------------
+${RSYNC_OUTPUT}
+
+Reload Output:
+--------------
+${RELOAD_OUTPUT}"
+
+ log "Certificate sync completed successfully"
+ exit 0
+ else
+ log "ERROR: Failed to reload web server on passive server"
+
+ send_notification "FAILURE" \
+ "Certificates synced but failed to reload ${WEB_SERVER} on passive server." \
+ "danger" \
+ "Error Details:
+--------------
+${RELOAD_OUTPUT}
+
+Sync Output:
+------------
+${RSYNC_OUTPUT}
+
+Action Required:
+----------------
+Please manually reload ${WEB_SERVER} on ${PASSIVE_SERVER} or investigate the error."
+
+ exit 1
+ fi
+else
+ log "ERROR: Certificate sync failed"
+
+ send_notification "FAILURE" \
+ "Failed to sync certificates to passive server ${PASSIVE_SERVER}." \
+ "danger" \
+ "Error Details:
+--------------
+${RSYNC_OUTPUT}
+
+Exit Code: ${RSYNC_EXIT_CODE}
+
+Action Required:
+----------------
+Please check:
+1. SSH connectivity between servers
+2. Sudo permissions on passive server
+3. Network connectivity
+4. Disk space on passive server"
+
+ exit 1
+fi
\ No newline at end of file
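Review bot: The Slack webhook on the configuration line `SLACK_WEBHOOK_URL="https://hooks.slack.com/services/T0…"` is a bearer credential committed in plain text, so anyone with read access to this repository can post to that channel; it should be rotated now and read from the environment or a root-only file instead, e.g. `SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-$(cat /etc/le_notif/slack_webhook 2>/dev/null)}"`. Both the rsync `-e "ssh -o StrictHostKeyChecking=no"` and the later `ssh -o StrictHostKeyChecking=no` disable host-key verification for a transfer that copies the private keys under /etc/letsencrypt, so a spoofed passive.example.com would receive them; pin the passive host's key in known_hosts and use `-o StrictHostKeyChecking=yes`. `--rsync-path="sudo rsync"` together with `--delete` presumably means the certbot account holds unrestricted sudo for rsync on the passive host, which is equivalent to root there, so the sudoers entry should be limited to this exact command line or a restricted wrapper such as rrsync. The heredoc bodies of the email, Slack and Teams payloads appear truncated in this copy of the patch, so whether `$message` and the rsync output are JSON-escaped before being sent could not be checked.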