The operating system my web server runs on is (include version):
I can login to a root shell on my machine (yes or no, or I don’t know):
I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
Script runs fine and renews (when running under root and executed manually). I am very comfortable creating cron jobs; my issue is, if I have the script run every day, is there a limitation on ENQUIRING / renewing the certificate (3 months?), or do I have to have the cron script run more in line with the renewal date, 2.5 months from the last, with only one or so calls per 3 months? I haven’t created the cron job yet; I just want to make sure I don’t hit any limitation on asking every day “renew me?” Also, is this why people use certbot, as it has more checks and balances than the basic acme script?
Contents of acme script below
./acme.sh/acme.sh --issue -d DOMAIN --standalone --httpport 8081
cp ~/.acme.sh/domain.name/domain.name.cer /usr/local/kerio/mailserver/sslcert/server2.crt
cp ~/.acme.sh/domain.name/domain.name.key /usr/local/kerio/mailserver/sslcert/server2.key
What you’d really want to do is put the remaining commands (the ones after acme.sh) into a post-renew script. Then issue the cert with acme.sh --issue -d DOMAIN --standalone --httpport 8081 --reloadcmd /path/to/script. Once that issues, set a daily cron job of
You should also use acme.sh --install to copy the certificate and key files instead of
Daily, at random times of the day.
For example, with something like:
0 */12 * * * perl -e 'sleep int(rand(43200))' && /path/to/acme.sh --cron
Or an equivalent that works on macOS.
Thank you both for the insight! Would the below be correct?
./acme.sh/acme.sh --issue -d DOMAIN --standalone --httpport 8081 --reloadcmd
--install ~/.acme.sh/domain.name/domain.name.cer /usr/local/kerio/mailserver/sslcert/server2.crt
--install ~/.acme.sh/domain.name/domain.name.key /usr/local/kerio/mailserver/sslcert/server2.key
As the server has daily backups, I don’t want the script to impede on that, so a “not so” randomised time 90 minutes after 21:30pm
30 21 * * * bash -c "sleep $[RANDOM\%90]m" ; ~/var/root/scripts/acme.sh
After further consideration, the way to go would be
.acme.sh/acme.sh --issue -d DOMAIN --standalone --httpport 8081 --key-file /usr/local/kerio/mailserver/sslcert/server2.key --cert-file /usr/local/kerio/mailserver/sslcert/server2.crt --reloadcmd "/usr/local/kerio/mailserver/keriomailserver restart"
(assuming there’s a “restart” command for keriomailserver; “reload” would be even better). Then your cron job (after whatever delay you implement) would still be what I suggested earlier:
Consider whether you’d need to use --fullchain-file rather than --cert-file; that’s going to depend on the requirements of your server software.
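A post-renew script of the kind suggested earlier in the thread, written as an added example (not code from any poster or from the acme.sh project). It uses the paths quoted in the thread; the variable names and the `deploy` argument are this example's own assumptions. It checks the renewed files before replacing the live pair, creates the copies at mode 0600, and restarts the server only when something changed.

```shell
#!/bin/sh
# Added example: deploy hook for acme.sh --reloadcmd. Paths are the ones quoted
# in the thread; SRC_DIR, DEST_DIR and RESTART_CMD are this example's own names.
SRC_DIR="${SRC_DIR:-$HOME/.acme.sh/domain.name}"
DEST_DIR="${DEST_DIR:-/usr/local/kerio/mailserver/sslcert}"
RESTART_CMD="${RESTART_CMD:-/usr/local/kerio/mailserver/keriomailserver restart}"

# valid_pem FILE MARKER: FILE is non-empty and carries the expected PEM header.
valid_pem() {
    [ -s "$1" ] && grep -q -- "-----BEGIN .*$2-----" "$1"
}

# install_pem SRC DEST: 0 = DEST replaced, 1 = already identical, 2 = copy failed.
install_pem() {
    if [ -f "$2" ] && cmp -s "$1" "$2"; then return 1; fi
    tmp="$2.tmp.$$"
    # umask in a subshell: the copy is mode 0600 from the moment it is created.
    ( umask 077 && cp "$1" "$tmp" ) || { rm -f "$tmp"; return 2; }
    mv -f "$tmp" "$2"   # rename inside one directory: no half-written file is served
}

# deploy: 0 = live pair is current (restarted only if it changed), 2 = rejected.
deploy() {
    cert="$SRC_DIR/domain.name.cer"; key="$SRC_DIR/domain.name.key"
    # Validate both files before touching either, so a failed renewal
    # never overwrites the pair the mail server is using.
    valid_pem "$cert" "CERTIFICATE" || { echo "deploy: rejected $cert" >&2; return 2; }
    valid_pem "$key" "PRIVATE KEY" || { echo "deploy: rejected $key" >&2; return 2; }
    changed=no
    for f in "$key:server2.key" "$cert:server2.crt"; do
        rc=0
        install_pem "${f%%:*}" "$DEST_DIR/${f##*:}" || rc=$?
        case $rc in 0) changed=yes ;; 1) ;; *) return 2 ;; esac
    done
    # A daily cron run that renewed nothing should not bounce the mail server.
    [ "$changed" = yes ] || return 0
    $RESTART_CMD
}

# Run only when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "deploy" ]; then deploy; fi
```

With the script saved at a path of your choosing, it would be passed as `--reloadcmd "/path/to/script deploy"`.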