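#!/bin/bash
#
# Push this host's Let's Encrypt directory to a passive standby over rsync/ssh,
# reload the web server there, and report the result by email / Slack / Teams.
# Runs unattended (cron or certbot deploy hook) as a user that can read
# ${LOCAL_LETSENCRYPT_DIR} and holds an SSH key for ${PASSIVE_USER}@${PASSIVE_SERVER}.
#
# The sync carries private keys, so the transport must be authenticated and
# the notification credentials must stay out of this file and out of argv.

# Configuration
PASSIVE_SERVER="passive.example.com"
PASSIVE_USER="certbot"
REMOTE_LETSENCRYPT_DIR="/etc/letsencrypt"
LOCAL_LETSENCRYPT_DIR="/etc/letsencrypt"
WEB_SERVER="nginx"
HOSTNAME=$(hostname)
# Log destination; overridable from the environment (e.g. for a dry run as an
# unprivileged user).
LOG_FILE="${LOG_FILE:-/var/log/letsencrypt/sync.log}"

# Email Configuration
EMAIL_ENABLED=false
EMAIL_TO="admin@example.com" # Comma Separate for multiple accounts
EMAIL_FROM="certbot@$(hostname -f)"

# Slack Configuration
SLACK_ENABLED=true
# An incoming-webhook URL is a bearer credential: anyone holding it can post
# to the channel.  It is read from the environment instead of being written
# here (the previous revision embedded it in this file, so that value has to
# be treated as exposed and regenerated on the Slack side).  Load it from a
# root-only file before invoking the script, e.g. a systemd EnvironmentFile=
# or `. <path-to-root-only-env-file>` in the cron wrapper.
SLACK_WEBHOOK_URL="${SLACK_WEBHOOK_URL:-}"

# Teams Configuration
TEAMS_ENABLED=false
# Same handling as the Slack URL; empty means "not configured".
TEAMS_WEBHOOK_URL="${TEAMS_WEBHOOK_URL:-}"

#######################################
# Append a timestamped line to ${LOG_FILE} and echo it to stdout.
# printf (not echo) so a message beginning with '-' is printed verbatim.
# Arguments: $1 - message
#######################################
log() {
  printf '[%s] %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$1" | tee -a "$LOG_FILE"
}

#######################################
# Send the outcome by email when EMAIL_ENABLED is "true".
# Arguments: $1 - status word (SUCCESS/FAILURE), $2 - one-line message,
#            $3 - multi-line details block
# Outputs:   log lines
#######################################
send_email_notification() {
  local status=$1
  local message=$2
  local details=$3

  if [ "$EMAIL_ENABLED" != "true" ]; then
    return
  fi

  local subject="[${status}] Let's Encrypt Certificate Sync - ${HOSTNAME}"
  # NOTE(review): the body template and the send command were lost when this
  # file was extracted (the text after `cat <` is missing); what follows is a
  # minimal reconstruction — compare with the original before relying on it.
  local email_body
  printf -v email_body 'Host:   %s\nStatus: %s\n\n%s\n\n%s\n' \
    "$HOSTNAME" "$status" "$message" "$details"

  # sendmail -t takes the recipients from the headers, so the comma-separated
  # EMAIL_TO list is passed through unchanged.
  if printf 'From: %s\nTo: %s\nSubject: %s\n\n%s\n' \
       "$EMAIL_FROM" "$EMAIL_TO" "$subject" "$email_body" | sendmail -t; then
    log "Email notification sent"
  else
    log "WARNING: Failed to send email notification"
  fi
}

#######################################
# Post the outcome to the Slack incoming webhook when SLACK_ENABLED is "true"
# and a URL is configured.
# Arguments: $1 - status word, $2 - one-line message,
#            $3 - Slack attachment colour keyword ("good"/"danger")
# Outputs:   log lines
#######################################
send_slack_notification() {
  local status=$1
  local message=$2
  local color=$3

  if [ "$SLACK_ENABLED" != "true" ] || [ -z "$SLACK_WEBHOOK_URL" ]; then
    return
  fi

  # NOTE(review): the function header, payload here-doc and POST were lost in
  # extraction; reconstructed from the surviving argument list and log lines.
  # The interpolated values are operator configuration and fixed strings, not
  # untrusted input, so no JSON escaping is applied — keep '"' out of them.
  local payload
  printf -v payload '{"attachments":[{"color":"%s","title":"%s","text":"%s"}]}' \
    "$color" "[${status}] Let's Encrypt Certificate Sync - ${HOSTNAME}" "$message"

  # The URL is the secret, so hand it to curl as config on stdin (-K -)
  # rather than in argv, where it would be visible in ps / process auditing.
  # -f turns an HTTP error from Slack into a non-zero exit so it is logged.
  if printf 'url = "%s"\n' "$SLACK_WEBHOOK_URL" \
       | curl -sS -f -K - -X POST -H 'Content-Type: application/json' \
           --data "$payload" > /dev/null; then
    log "Slack notification sent"
  else
    log "WARNING: Failed to send Slack notification"
  fi
}

#######################################
# Post the outcome to the Teams incoming webhook when TEAMS_ENABLED is "true"
# and a URL is configured.
# Arguments: $1 - status word, $2 - one-line message, $3 - colour keyword
# Outputs:   log lines
#######################################
send_teams_notification() {
  local status=$1
  local message=$2
  # shellcheck disable=SC2034 # accepted for parity with the Slack sender
  local color=$3

  if [ "$TEAMS_ENABLED" != "true" ] || [ -z "$TEAMS_WEBHOOK_URL" ]; then
    return
  fi

  # NOTE(review): the payload here-doc and the POST were lost in extraction
  # (`cat <` … `> /dev/null`); this is a minimal card that does not use
  # ${color} — restore the original formatting if it matters.
  local payload
  printf -v payload '{"title":"%s","text":"%s"}' \
    "[${status}] Let's Encrypt Certificate Sync - ${HOSTNAME}" "$message"

  # Same credential handling as the Slack sender: URL via -K -, not argv.
  if printf 'url = "%s"\n' "$TEAMS_WEBHOOK_URL" \
       | curl -sS -f -K - -X POST -H 'Content-Type: application/json' \
           --data "$payload" > /dev/null; then
    log "Teams notification sent"
  else
    log "WARNING: Failed to send Teams notification"
  fi
}

#######################################
# Unified notification function - sends to all enabled channels.
# Arguments: $1 - status word, $2 - one-line message, $3 - colour keyword,
#            $4 - multi-line details (email only)
#######################################
send_notification() {
  local status=$1
  local message=$2
  local color=$3
  local details=$4

  send_email_notification "$status" "$message" "$details"
  send_slack_notification "$status" "$message" "$color"
  send_teams_notification "$status" "$message" "$color"
}

log "Starting certificate sync to passive server..."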
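# Sync certificates using rsync over SSH with sudo on remote side.
#
# Host-key verification stays ON: this transfer carries private keys, so an
# unexpected host key must abort the sync rather than be accepted silently
# (the previous revision set StrictHostKeyChecking=no, which would let a
# spoofed passive server receive the keys).  Provision the passive server's
# key in known_hosts when the SSH key pair is deployed; accept-new is the
# trust-on-first-use middle ground if that is not practical.
# BatchMode keeps ssh from blocking on a password/passphrase prompt under cron.
SSH_OPTS=(-o StrictHostKeyChecking=yes -o BatchMode=yes)

RSYNC_OUTPUT=$(rsync -azv --delete \
  --rsync-path="sudo rsync" \
  -e "ssh ${SSH_OPTS[*]}" \
  "${LOCAL_LETSENCRYPT_DIR}/" \
  "${PASSIVE_USER}@${PASSIVE_SERVER}:${REMOTE_LETSENCRYPT_DIR}/" 2>&1)
RSYNC_EXIT_CODE=$?

if [ "$RSYNC_EXIT_CODE" -ne 0 ]; then
  log "ERROR: Certificate sync failed"
  send_notification "FAILURE" \
    "Failed to sync certificates to passive server ${PASSIVE_SERVER}." \
    "danger" \
    "Error Details:
--------------
${RSYNC_OUTPUT}

Exit Code: ${RSYNC_EXIT_CODE}

Action Required:
----------------
Please check:
1. SSH connectivity between servers
2. Sudo permissions on passive server
3. Network connectivity
4. Disk space on passive server"
  exit 1
fi

log "Certificate sync successful"

# Reload web server on passive server using sudo.  WEB_SERVER is operator
# configuration interpolated into the remote command line; keep it a plain
# service name.
log "Reloading ${WEB_SERVER} on passive server..."
RELOAD_OUTPUT=$(ssh "${SSH_OPTS[@]}" "${PASSIVE_USER}@${PASSIVE_SERVER}" \
  "sudo systemctl reload ${WEB_SERVER}" 2>&1)
RELOAD_EXIT_CODE=$?

if [ "$RELOAD_EXIT_CODE" -ne 0 ]; then
  log "ERROR: Failed to reload web server on passive server"
  send_notification "FAILURE" \
    "Certificates synced but failed to reload ${WEB_SERVER} on passive server." \
    "danger" \
    "Error Details:
--------------
${RELOAD_OUTPUT}

Sync Output:
------------
${RSYNC_OUTPUT}

Action Required:
----------------
Please manually reload ${WEB_SERVER} on ${PASSIVE_SERVER} or investigate the error."
  exit 1
fi

log "Web server reload successful"

# Count non-empty lines of rsync's verbose output (this includes rsync's own
# header and summary lines, so it is an approximation of the files touched).
SYNCED_FILES=$(printf '%s\n' "$RSYNC_OUTPUT" | grep -c .)

send_notification "SUCCESS" \
  "Certificates synced successfully and ${WEB_SERVER} reloaded on passive server." \
  "good" \
  "Files Synced: ${SYNCED_FILES}

Sync Output:
------------
${RSYNC_OUTPUT}

Reload Output:
--------------
${RELOAD_OUTPUT}"

log "Certificate sync completed successfully"
exit 0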