Last active
June 2, 2016 23:09
#!/bin/bash
##########################################################################################
# Automated Let's Encrypt certificate renewals #
# #
# This script is designed to be run as often as desired, but will not renew certificates #
# until they are due to expire (by default 30 days ahead of expiry). #
# #
# This script expects that you've provided appropriate parameters in a cli.ini file, #
# either in /etc/letsencrypt/cli.ini or $XDG_CONFIG_HOME/letsencrypt/cli.ini; note that #
# the latter will be ~/letsencrypt/cli.ini if the variable is not defined. #
##########################################################################################
##########################################################################################
# CONFIGURATION #
# Since this script expects to contain the certbot utility within a virtual environment, #
# you must provide full paths to the following within said virtual environment. #
# DO NOT attempt to use the system binaries/packages!! #
##########################################################################################
# Full paths to the executables inside the certbot virtual environment.
PIP=/opt/venvs/certbot/bin/pip
CERTBOT=/opt/venvs/certbot/bin/certbot

# Prosody needs the certificate chain and key in its own directory, so the
# post-hook copies them out of the Let's Encrypt "live" directory.
# Both values end in "/" because file names are appended to them directly.
DOMAIN_CERT_DIR=/etc/letsencrypt/live/fairbanksnano.org/
PROSODY_CERT_DIR=/var/lib/prosody/le_cert/

# POSTHOOK is the command string handed to `certbot renew --post-hook`.
# It is assembled in three parts: reload nginx, copy the chain and private
# key for Prosody, restart Prosody.
# NOTE(review): certbot documents --post-hook as running once after a renewal
# *attempt*; confirm whether a failed attempt also triggers it on your version.
#
# Things to keep in mind when editing this section:
#  - The string is interpreted by a shell and the directory values are
#    expanded into it unquoted, so they must not contain whitespace or shell
#    metacharacters.
#  - The commands are separated by ";", so each one runs even if the previous
#    one failed (e.g. Prosody is restarted even when the copy did not succeed).
#  - The copy includes privkey.pem. A plain `cp` gives a newly created file the
#    source's mode bits (filtered by umask) and the invoking user as owner,
#    while an already existing destination file keeps its own owner and mode.
#    Verify that privkey.pem in PROSODY_CERT_DIR ends up readable only by the
#    account Prosody runs as.
POSTHOOK="service nginx reload;"
POSTHOOK+=" cp ${DOMAIN_CERT_DIR}fullchain.pem ${DOMAIN_CERT_DIR}privkey.pem ${PROSODY_CERT_DIR};"
POSTHOOK+=" service prosody restart"
##########################################################################################
# END CONFIGURATION #
# #
# DO NOT CHANGE ANYTHING BELOW THIS LINE!! #
# Not unless you REALLY know what you are doing and REALLY need to... #
##########################################################################################
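# Step 1: Update certbot inside the virtual environment.
# The upgrade is best-effort: if it fails, a warning goes to stderr and the
# renewal below still runs with the already installed certbot, so a package
# index outage cannot by itself let certificates lapse.
# NOTE(review): this is an unattended, unpinned upgrade -- every run installs
# whatever certbot release (and dependencies) the configured package index
# serves, presumably with the privileges needed to write /etc/letsencrypt.
# Consider pinning versions in a requirements file and installing it with
# pip's --require-hashes, upgrading deliberately instead of on every run.
if ! "$PIP" install --upgrade --quiet certbot; then
  printf 'warning: certbot upgrade failed; renewing with the installed version\n' >&2
fi

# Step 2: Renew certificates.
# Paths are quoted so a configured path containing spaces is not word-split.
# POSTHOOK is passed as a single argument; certbot runs it in a shell.
# This is the last command, so the script's exit status is certbot's.
"$CERTBOT" renew --post-hook "$POSTHOOK"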