@akshmakov
Last active August 1, 2023 16:35
Letsencrypt Automated Renewal Makefile (Cloudflare)

How to Use:

renew certs (cloudflare domain) : make renew-certs

update certs (concatenate "fullchain" and copy to working dir) : make update-certs

renew a single domain : make foo.example.com

Important!: create a cf.ini file containing your Cloudflare token (the Makefile passes ./cf.ini to certbot as the credentials file)

How to Edit:

change hosts: Add your hosts to vhost (Line 5)

change certbot settings: edit or add to line 15-17

set email: change line 21

change credential file: change line 19

change proxy working dir: edit PROXY_CERT_DIR (Line 4)

use docker certbot: uncomment line 9-13

# Let's Encrypt renewal through certbot's Cloudflare DNS plugin.

LETSENCRYPT_ROOT=/etc/letsencrypt
PROXY_CERT_DIR=/certs
VHOSTS=foo.example.com bar.example.com car.example.com
ACTIONS=${foreach host, $(VHOSTS), update-$(host)}
${VHOSTS}:
	echo "renewing $@"; \
	#docker run \
	# --rm \
	# -v "/etc/letsencrypt:/etc/letsencrypt" \
	# -v "$$PWD/cf.ini:/cf.ini:ro" \
	# certbot/certbot:latest \
	certbot \
	certonly \
	--non-interactive \
	--agree-tos \
	--dns-cloudflare \
	--dns-cloudflare-credentials=./cf.ini \
	-d $@ \
	--email="example@example.com";

renew-certs: ${VHOSTS}

# update-<host>: build the combined fullchain + private key bundle for one host.
# umask 077 keeps the bundle from being readable by other users before chmod runs.
${ACTIONS}:
	export host="$(subst update-,,$@)"; \
	echo $$host; \
	umask 077; \
	cat $(LETSENCRYPT_ROOT)/live/$${host}/fullchain.pem ${LETSENCRYPT_ROOT}/live/$$host/privkey.pem > $(PROXY_CERT_DIR)/$$host.pem; \
	chmod 400 $(PROXY_CERT_DIR)/$$host.pem

# Same bundle step for every host in VHOSTS.
update-certs:
	umask 077; \
	for host in $(VHOSTS); \
	do \
		echo $$host; \
		cat $(LETSENCRYPT_ROOT)/live/$$host/fullchain.pem ${LETSENCRYPT_ROOT}/live/$$host/privkey.pem > $(PROXY_CERT_DIR)/$$host.pem; \
		chmod 400 $(PROXY_CERT_DIR)/$$host.pem; \
	done

.PHONY: ${VHOSTS} renew-certs update-certs ${ACTIONS}
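
A pre-flight check for the secrets this Makefile handles, as an added example that is not part of the original gist: it writes cf.ini in the certbot-dns-cloudflare token format with owner-only permissions, then audits cf.ini and the combined PEM bundles. The function names are hypothetical, and the token and paths you pass in are your own.

```shell
#!/bin/sh
# Added example (not from the gist): create cf.ini safely and audit the
# secrets the Makefile reads and writes. Function names are hypothetical.

# Write the credentials file so group/other never get access, even when
# the file already existed with a wider mode.
write_cf_ini() {  # usage: write_cf_ini PATH TOKEN
    ( umask 077 &&
      printf 'dns_cloudflare_api_token = %s\n' "$2" > "$1" &&
      chmod 600 "$1" )
}

# True when FILE grants no permission bits to group or other.
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# True when the bundle holds both a certificate and a private key.
bundle_complete() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
    grep -Eq -e '-----BEGIN (RSA |EC )?PRIVATE KEY-----' "$1"
}

# Print one line per problem; return non-zero if any were found.
audit_secrets() {  # usage: audit_secrets CF_INI CERT_DIR HOST...
    cf_ini=$1 cert_dir=$2 rc=0
    shift 2
    if [ ! -f "$cf_ini" ]; then
        echo "missing: $cf_ini"; rc=1
    elif ! owner_only "$cf_ini"; then
        echo "too permissive: $cf_ini"; rc=1
    fi
    for host in "$@"; do
        pem=$cert_dir/$host.pem
        if [ ! -f "$pem" ]; then
            echo "missing: $pem"; rc=1; continue
        fi
        owner_only "$pem" || { echo "too permissive: $pem"; rc=1; }
        bundle_complete "$pem" || { echo "incomplete bundle: $pem"; rc=1; }
    done
    return $rc
}
```

Source the file and run `audit_secrets ./cf.ini /certs foo.example.com bar.example.com car.example.com` after `make update-certs`; a non-zero exit status means at least one file is missing, too permissive, or lacks the key or certificate.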