README.md

@@ -10,11 +10,9 @@ A bash script for managing SSL/TLS certificates through the Certwarden API. This
 - Service reload after certificate updates
 - Certificate expiration monitoring
 - Interactive menu-driven interface
-- Silent mode for automated operations
-- Force update option for certificate renewals
+- Automated mode support through environment configuration
 - Proper error handling and logging
 - Support for multiple certificates
-- Secure temporary file handling
 
 ## Prerequisites
 
@@ -61,8 +59,27 @@ CERTIFICATES='[
     "key_api_key": "your_key_api_key"
   }
 ]'
+
+# Optional: Auto mode configuration
+AUTO_MODE="false"
 ```
 
+### Environment Variables Explained
+
+| Variable | Description | Required |
+|----------|-------------|----------|
+| CERTWARDEN_SERVER | Certwarden API server hostname and port | Yes |
+| CERT_PATH | Directory for certificate storage | Yes |
+| KEY_PATH | Directory for private key storage | Yes |
+| TEMP_PATH | Temporary directory for downloads | Yes |
+| SERVICE_NAME | Service to reload after certificate updates | Yes |
+| CERT_OWNER | User owner for certificate files | Yes |
+| CERT_GROUP | Group owner for certificate files | Yes |
+| CERT_PERMISSIONS | Certificate file permissions | Yes |
+| KEY_PERMISSIONS | Private key file permissions | Yes |
+| CERTIFICATES | JSON array of certificate configurations | Yes |
+| AUTO_MODE | Enable automated operation | No |
+
 ## Usage
 
 ### Interactive Mode
@@ -78,49 +95,18 @@ This will present a menu with the following options:
 4. Exit
 
 ### Automated Mode
-Run the script with the `--silent` flag for automated operations:
-```bash
-./certman.sh --silent
-```
-
-### Force Update
-Use the `--force` flag to force certificate updates regardless of current status:
-```bash
-./certman.sh --force
-```
-
-Flags can be combined:
-```bash
-./certman.sh --silent --force
-```
+Set `AUTO_MODE="true"` in the `.env` file and run the script. This is suitable for cron jobs.
 
 ### Cron Configuration
 Add these lines to your crontab for automated certificate management:
 ```cron
-@reboot sleep 15 && /path/to/certman.sh --silent
-5 4 * * 2 /path/to/certman.sh --silent
+@reboot sleep 15 && /path/to/certman.sh
+5 4 * * 2 /path/to/certman.sh
 ```
 
-## Environment Variables
-
-| Variable | Description | Required |
-|----------|-------------|----------|
-| CERTWARDEN_SERVER | Certwarden API server hostname and port | Yes |
-| CERT_PATH | Directory for certificate storage | Yes |
-| KEY_PATH | Directory for private key storage | Yes |
-| TEMP_PATH | Temporary directory for downloads | Yes |
-| SERVICE_NAME | Service to reload after certificate updates | Yes |
-| CERT_OWNER | User owner for certificate files | Yes |
-| CERT_GROUP | Group owner for certificate files | Yes |
-| CERT_PERMISSIONS | Certificate file permissions | Yes |
-| KEY_PERMISSIONS | Private key file permissions | Yes |
-| CERTIFICATES | JSON array of certificate configurations | Yes |
-
 ## Security Considerations
 
 - Store the script and `.env` file in a secure location with restricted permissions
 - Use appropriate permissions for certificate and key files
 - Keep API keys secure and rotate them periodically
 - Run the script as a user with appropriate privileges
-- Temporary files are automatically cleaned up using secure practices
-- Certificate and key pairs are validated before installation

certman.sh

@@ -11,17 +11,12 @@ else
 fi
 
 AUTO_MODE="false"
-FORCE_UPDATE="false"
 while [[ $# -gt 0 ]]; do
     case $1 in
         --silent)
             AUTO_MODE="true"
             shift
             ;;
-        --force)
-            FORCE_UPDATE="true"
-            shift
-            ;;
         *)
             shift
             ;;
@@ -71,14 +66,14 @@ download_and_verify_cert() {
     echo -e "${BLUE}Processing certificate for $domain${NC}"
 
     # Download certificate
-    if ! curl -s -fL -o "$temp_cert" -H "X-API-Key: $cert_api_key" \
+    if ! curl -fL -o "$temp_cert" -H "X-API-Key: $cert_api_key" \
         "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/certificates/$domain"; then
         echo -e "${RED}Failed to download certificate for $domain${NC}"
         return 1
     fi
 
     # Download private key
-    if ! curl -s -fL -o "$temp_key" -H "X-API-Key: $key_api_key" \
+    if ! curl -fL -o "$temp_key" -H "X-API-Key: $key_api_key" \
         "https://$CERTWARDEN_SERVER/certwarden/api/v1/download/privatekeys/$domain"; then
         echo -e "${RED}Failed to download private key for $domain${NC}"
         return 1
@@ -116,9 +111,7 @@ install_certificate() {
     local needs_reload=0
 
     # Check if certificate needs updating
-    if [ "$FORCE_UPDATE" = "true" ]; then
-        needs_reload=1
-    elif [ -f "$final_cert" ]; then
+    if [ -f "$final_cert" ]; then
         if ! cmp -s "$final_cert" "$temp_cert"; then
             needs_reload=1
         fi

example.env

@@ -20,3 +20,6 @@ CERTIFICATES='[
     "key_api_key": "your_key_api_key"
   }
 ]'
+
+# Optional: Auto mode configuration
+AUTO_MODE="false"