Acme.sh run bash script after cert renwal

Help
1

At the moment we run the renwals of several servers manually using acme.sh v3.0+
The cron job is there to renew cert and it uses cloudflare token and this all works perfectly.
The issue we have is requiring further scripting to stop our particular mail server rename the cert and copy it into place and start the server - very trivial yes !
Is there a way or method to do this (as root) included in the acme.sh ?
The command is listed below and manually run prior to ssl expirey it has to be run as root
/usr/local/kerio/mailserver/keriomailserver stop
cp ~/.acme.sh/name.domain.com/fullchain.cer /usr/local/kerio/mailserver/sslcert/server.crt
cp ~/.acme.sh/name.domain.com/name.domain.com.key /usr/local/kerio/mailserver/sslcert/server.key
/usr/local/kerio/mailserver/keriomailserver start

Any help or pointers would be super appreciated !

1 Like
2

I think acme.sh --install-cert is probably what you're looking for. Something like:

acme.sh --install-cert -d name.domain.com \
--key-file /usr/local/kerio/mailserver/sslcert/server.key \
--fullchain-file /usr/local/kerio/mailserver/sslcert/server.crt \
--reloadcmd "/usr/local/kerio/mailserver/keriomailserver stop; /usr/local/kerio/mailserver/keriomailserver start"

acme.sh will remember to call it upon a successful renewal of your certificate.

2 Likes
3

Fantastic ! To configure this as a cronjob for example for a cert that was renewed today (already) how can i do this without triggering a new cert call ? Thanks for you help so far !

2 Likes
4

You don't need to cron this separately, acme.sh will remember to do it as part of its main renewal cron job.

Running this command won't trigger a renewal. You can run it now, once, and acme.sh will take care of automatically running it for future renewals.

1 Like
5

Thankyou AZ have marked as solution off the back of your advise !

2 Likes
6

@_az stupid question but how do I add the actual command ?

1 Like
7

If i try to add acme.sh --install-cert -d name.domain.com it replies "unknown parameter :"

1 Like
8

If you paste all 4 lines, it should work.

Can you post a screenshot of what happens?

1 Like
9

if i remove the \ and add the full path to the acme directory the first command works but doing the following command fails :
/Users/username/.acme.sh/acme.sh --key-file /usr/local/kerio/mailserver/sslcert/server.key
opens the help dialogue as below:

v3.0.1
Usage: acme.sh ... [parameters ...]
Commands:
-h, --help Show this help message.
-v, --version Show version info.
--install Install acme.sh to your system.
--uninstall Uninstall acme.sh, and uninstall the cron job.
--upgrade Upgrade acme.sh to the latest code from GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol.
--issue Issue a cert.
--deploy Deploy the cert to your server.
-i, --install-cert Install the issued cert to apache/nginx or any other server.
-r, --renew Renew a cert.
--renew-all Renew all the certs.
--revoke

1 Like
10

The thing should be a single command. The backslashes join each line together into one long command. Maybe try paste this:

acme.sh --install-cert -d name.domain.com --key-file /usr/local/kerio/mailserver/sslcert/server.key --fullchain-file /usr/local/kerio/mailserver/sslcert/server.crt --reloadcmd "/usr/local/kerio/mailserver/keriomailserver stop; /usr/local/kerio/mailserver/keriomailserver start"
1 Like
11

yes im on the same plane i was just trying that as you typed heres the result :
bash-3.2# /Users/localname/.acme.sh/acme.sh --install-cert -d name.domain.com -d autodiscover.domain.com --key-file "/usr/local/kerio/mailserver/sslcert/server.key" --fullchain-file "/usr/local/kerio/mailserver/sslcert/server.crt” --reloadcmd "/usr/local/kerio/mailserver/keriomailserver stop; /usr/local/kerio/mailserver/keriomailserver start”

[Wed 12 Jan 2022 15:11:56 AEDT] Unknown parameter : stop

Kerio Connect Script: Unknown parameter start”

bash-3.2#

1 Like
12

What if you just run this on its own:

  /usr/local/kerio/mailserver/keriomailserver stop
1 Like
13

that will stop the mailserver

1 Like
14

there is a RESTART command too

1 Like
15

So, I don't think the "unknown parameter" message is coming from acme.sh.

I want you to double check that the stop/start commands actually work on their own, because I don't think there's anything wrong with the acme.sh parts.

1 Like
16

bash-3.2# /usr/local/kerio/mailserver/keriomailserver

Kerio Connect Script: Missing parameter. Use "start", "stop" or "restart".

1 Like
17

/Users/localuser/.acme.sh/acme.sh --install-cert -d name.domain.com -d autodiscover.domain.com --key-file "/usr/local/kerio/mailserver/sslcert/server.key" --fullchain-file "/usr/local/kerio/mailserver/sslcert/server.crt” --reloadcmd "/usr/local/kerio/mailserver/keriomailserver restart”

This should work right ? then acme.sh --install-cronjob to ensure its saved as cronjob ?

1 Like
18

Sure, give it a shot.

1 Like
19

doesnt error doesnt give a new line just sits in terminal as

1 Like
20

Sounds like it worked to me!

1 Like