I am using Let's Encrypt SSL certificates for my domain https://mydomain.company.com and am trying to automate it using a bash shell script.
For example, 1 week before 90 days, the bash script invoked from the Linux cron scheduler will renew it using the certbot renew utility without any manual intervention.
Please guide. Thanks in advance.
Why would you require such a bash script? Usually, Certbot is run with the renew subcommand twice a day (or even more frequently when the Automated Certificate Management Environment (ACME) Renewal Information (ARI) Extension has been implemented!) through a cronjob or systemd timer.
Certbot should only actually renew the certificate when it's due for renewal. If there is no certificate due for renewal, Certbot will just exit and, besides checking the certs, do nothing.
It seems like you are trying to reinvent the already fully functional certificate wheel.
certbot already defaults to checking twice a day and only renews certs when necessary.
And if you're using a different client, it's likely that client also has this functionality. Which client are you using, and why do you think you need to do it this way?
Thanks for the response.
# cat /etc/redhat-release
CentOS Linux release 7.9.2009 (Core)
# certbot --version
I do not see any cron entry in the below files.
Please suggest further. Thanks in advance.
CentOS probably uses a systemd timer.
Thanks a lot, I appreciate it. I have a follow-up question regarding firewall rules to be enabled in our firewall to allow exchange to update the SSL certs.
Outbound and Inbound firewall rule sets from and to the server. Please guide.
Thanks in advance.
certbot to work:
Outbound rules would require HTTPS [and likely DNS too].
Inbound rules would require HTTP [if you use HTTP authentication].
Anything else is up to your needs.