@Kromey
Last active June 2, 2016 23:09
#!/bin/bash
##########################################################################################
# Automated Let's Encrypt certificate renewals                                           #
#                                                                                        #
# This script is designed to be run as often as desired, but will not renew certificates #
# until they are due to expire (by default 30 days ahead of expiry).                     #
#                                                                                        #
# This script expects that you've provided appropriate parameters in a cli.ini file,     #
# either in /etc/letsencrypt/cli.ini or $XDG_CONFIG_HOME/letsencrypt/cli.ini; note that  #
# the latter will be ~/.config/letsencrypt/cli.ini if the variable is not defined.       #
##########################################################################################
##########################################################################################
# CONFIGURATION                                                                          #
# This script expects the certbot utility to be installed in a virtual environment;      #
# you must provide full paths to the following within said virtual environment.          #
# DO NOT attempt to use the system binaries/packages!!                                   #
##########################################################################################
PIP=/opt/venvs/certbot/bin/pip
CERTBOT=/opt/venvs/certbot/bin/certbot
# The post-hook is a command that only runs once, and only if a cert was actually renewed
POSTHOOK="service nginx reload;"
# Do some additional custom post-hook stuff if needed for your environment
# Prosody needs the cert chain available in its own directory
DOMAIN_CERT_DIR=/etc/letsencrypt/live/fairbanksnano.org/
PROSODY_CERT_DIR=/var/lib/prosody/le_cert/
# Both directory variables end in "/", so the file names are appended directly
POSTHOOK="$POSTHOOK cp ${DOMAIN_CERT_DIR}fullchain.pem ${DOMAIN_CERT_DIR}privkey.pem $PROSODY_CERT_DIR;"
POSTHOOK="$POSTHOOK service prosody restart"
##########################################################################################
# END CONFIGURATION                                                                      #
#                                                                                        #
# DO NOT CHANGE ANYTHING BELOW THIS LINE!!                                               #
# Not unless you REALLY know what you are doing and REALLY need to...                    #
##########################################################################################
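# Step 1: Update certbot (inside the virtual environment configured above)
"$PIP" install --upgrade --quiet certbot
# Step 2: Renew certificates; certbot runs the post-hook once, only if a cert was renewed
"$CERTBOT" renew --post-hook "$POSTHOOK"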
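
The post-hook above chains its commands with `;`, so Prosody is restarted even if the `cp` step failed, and the copied `privkey.pem` gets whatever mode the umask gives it. The following check is an added example, not part of the original gist: the function name `verify_cert_copy` and its return codes are this example's own, and it assumes only `cmp` and `find` are available.

```shell
#!/bin/sh
# Added example (not from the original gist): verify the result of the
# post-hook's cp step. Function name and return codes are hypothetical.

# verify_cert_copy LIVE_DIR COPY_DIR
#   0 = copy matches the live files and the key is not world-accessible
#   1 = a file is missing or differs from the live one (stale copy)
#   2 = copied privkey.pem has permission bits set for "other"
verify_cert_copy() {
    vcc_live=${1%/}   # accept directories with or without a trailing slash
    vcc_copy=${2%/}

    for vcc_f in fullchain.pem privkey.pem; do
        # live/ holds symlinks into archive/; cmp follows them, as cp did.
        if ! cmp -s "$vcc_live/$vcc_f" "$vcc_copy/$vcc_f"; then
            echo "stale or missing: $vcc_copy/$vcc_f" >&2
            return 1
        fi
    done

    vcc_key=$vcc_copy/privkey.pem
    # find prints the path only if a read, write or execute bit is set for "other".
    if [ -n "$(find "$vcc_key" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "private key is accessible to all users: $vcc_key" >&2
        return 2
    fi
    return 0
}

# Usage with the gist's configured directories (run as a user that can read both):
#   verify_cert_copy /etc/letsencrypt/live/fairbanksnano.org/ /var/lib/prosody/le_cert/
```

A non-zero return after a renewal means Prosody was restarted with an outdated certificate or with a key file that other local users can read.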