Acme.sh run bash script after cert renwal

This is needed as simply copying the certs into the ssl directory the server / Service "kerio" does not recognise it till the service (not the whole server) is restarted.

OK then nothing should be restarting the entire server.
All seems to be in place.
You can either:

  • wait until the 14th of March to find out is all is well

OR

  • temporarily modify the default expiry date check parameter and expedite the renewal
1 Like

Any ideas how to do this ?

Although your implementation of acme.sh is obtaining LE certs, it wasn't developed (nor is maintained) by LE nor any daily regulars on this forum.
[not to say that you won't get the answer to that (eventually) - if I knew the answer, I'd give it to you]

So, clearly, the quickest is to RTFM [LOL]
OR
Try
acme.sh --help
OR
Visit
https://github.com/acmesh-official/acme.sh

I found this in their "help", but I don't know the full details on how to use it with cron:
--days <ndays> Specifies the days to renew the cert when using '--issue' command. The default value is 60 days.

2 Likes

HAHAHA READ ??? That is beyond my skillset LOL
Thankyou for your help, do you think acme.sh may get deprecated in the future and looking for an alternate might be smarter option?

1 Like

Without a magic crystal ball that question is likely difficult to answer. As of today, acme.sh is fairly well and receives regular contributions.

If you want to quickly "hack" the renewal date for a single certificate temporarily (i.e. one time only), what you can do is edit the certificate's config file @

/Users/localuser/.acme.sh/example.com/example.com.conf

and edit the parameter called Le_NextRenewTime. The value given there is a unix timestamp. There's also a second parameter Le_NextRenewTimeStr, but that's for visual displaying purposes only and not used internally to determine renewal.

4 Likes

Not likely; It's too big to fail that way.
It might "fail" by becoming a paid service - no way to tell what the future might bring...

4 Likes

ahh when you use the command acme.sh --list does it read from "Le_NextRenewTime"
Thankyou for your input !

2 Likes

Noted ! I do believe there was some issues when they changed the default cert service to ZEROSSL and that caused a stir, thankyou again !!

1 Like

Please don't. Acme.sh works best when not meddled with.

I use it myself on my server, but it doesn't even separate staging certificates from "real" ones. It's not forgiving of experimentation.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.