Automating Let's Encrypt SSL Certificates using bash shell script

Hi,

I am using Let's Encrypt SSL Certificates for my domain https://mydomain.company.com and trying to automate it using a bash shell script.

For example, 1 week before 90 days, the bash script invoked from the Linux cron scheduler will renew it using the certbot renew utility without any manual intervention.

Please guide. Thanks in advance.

Best Regards,

Kaushal

2 Likes

Why would you require such a bash script? Usually, Certbot is run with the renew subcommand twice a day (or even more frequently when the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension has been implemented!) through a cronjob or systemd timer.

Certbot should only actually renew the certificate when it's due for renewal. If there is no certificate due for renewal, Certbot will just exit and, besides checking the certs, do nothing.

4 Likes

It seems like you are trying to reinvent the already fully functional certificate wheel.
Certbot already defaults to checking twice a day and only renews certs when necessary.

2 Likes

And if you're using a different client, it's likely that client also has this functionality. Which client are you using, and why do you think you need to do it this way?

3 Likes

Thanks for the response.

# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# certbot
certbot    certbot-2
# certbot --version
certbot 1.11.0
#

I do not see any cron entry in the below files.

/etc/cron.deny /etc/crontab

/etc/cron.d:
0hourly

/etc/cron.daily:
logrotate man-db.cron

/etc/cron.hourly:
0anacron

/etc/cron.monthly:

/etc/cron.weekly:

Please suggest further. Thanks in advance.

Best Regards,

Kaushal

2 Likes

CentOS probably uses a systemd timer.

2 Likes

Try systemctl list-timers.

3 Likes
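
Added example (not part of the thread and not Certbot's own code): a shell check covering the two places discussed above, the cron files and the `systemctl list-timers` output, to tell whether anything on the host schedules `certbot renew`. The function names, the timer unit name and the sample output are constructed assumptions.

```bash
#!/usr/bin/env bash
# Added example: does anything on this host schedule "certbot renew"?

# Reads `systemctl list-timers --all` output on stdin. Prints each certbot
# timer with "scheduled" or "no-next-run" (NEXT column shows n/a).
certbot_timers() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /certbot.*\.timer$/)
                print $i, ($1 == "n/a" ? "no-next-run" : "scheduled")
    }'
}

# Prints file:line for every non-comment cron line that runs "certbot ... renew".
certbot_cron_entries() {
    [ "$#" -gt 0 ] || return 0
    grep -HE '^[^#]*certbot.*renew' "$@" 2>/dev/null || true
}

# $1 = list-timers output, remaining args = cron files to inspect.
# Returns 0 if a certbot timer has a next run or a cron entry exists.
renewal_is_scheduled() {
    _timers=$1; shift
    if printf '%s\n' "$_timers" | certbot_timers | grep -q ' scheduled$'; then
        return 0
    fi
    [ -n "$(certbot_cron_entries "$@")" ]
}

# Constructed sample (unit names are assumptions): the timer unit is installed
# but has no next run, so nothing would renew the certificate.
SAMPLE_TIMERS='NEXT  LEFT  LAST  PASSED  UNIT  ACTIVATES
Tue 2024-01-02 00:00:00 UTC  5h left  n/a  n/a  systemd-tmpfiles-clean.timer  systemd-tmpfiles-clean.service
n/a  n/a  n/a  n/a  certbot-renew.timer  certbot-renew.service'

printf '%s\n' "$SAMPLE_TIMERS" | certbot_timers
if renewal_is_scheduled "$SAMPLE_TIMERS"; then
    echo "renewal is scheduled"
else
    echo "no renewal schedule found: enable the timer or add a cron entry"
fi

# On a real host:
#   renewal_is_scheduled "$(systemctl list-timers --all)" /etc/crontab /etc/cron.d/*
```
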

Thanks a lot and appreciate it. I have a follow-up question regarding firewall rules to be enabled in our firewall to allow exchange to update the SSL Certs.

Outbound and Inbound firewall rule sets from and to the server. Please guide.

Thanks in advance.

Best Regards,

Kaushal

1 Like

For certbot to work:
Outbound rules would require HTTPS [and likely DNS too].
Inbound rules would require HTTP [if you use HTTP authentication].
Anything else is up to your needs.

2 Likes
