I have several certificates that are stored in a git repository. I would like to set up auto-renewal of these certificates and automatically push them to the repo every 60 days. I issue my certificates like this:
for domain in $DOMAINS; do
    # Issue an EC-256 certificate via the Cloudflare DNS challenge and register the renew hook.
    ./acme.sh --server letsencrypt --dns dns_cf --home "$PROJECT_NAME" --issue -d "$domain" -k ec-256 --preferred-chain "ISRG Root X1" --renew-hook /path/to/hook
    # Copy the key and full chain to their install locations.
    ./acme.sh --ecc --install-cert --home "$PROJECT_NAME" -d "$domain" --key-file /path/to/key-file --fullchain-file /path/to/fullchain-file
done
This is the cronjob that I use for the renewal.
0 0 * * * "$HOME/.acme.sh"/acme.sh --cron --home "$HOME/.acme.sh/$PROJECT_NAME" > /dev/null
Here I managed to find the description of a renew-hook that states that it is called when certs are successfully renewed. But the problem I've encountered is that the renew-hook is called for every certificate, which is not very convenient for me because I would like to wait until all the certs are renewed and then make a single commit.
I, of course, can write a separate script that's not connected to acme and push the certificates to the repo without any acme hooks using cron, but it won't look nice and I think it's ideologically wrong.
I couldn't google a standard solution for this problem. Could anyone please tell me what's the best way to do this?
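
One way to get a single commit per run, as an added example that is not part of the original post and not acme.sh's own code: the renew hook only records that a certificate changed, and a wrapper around `acme.sh --cron` commits once after acme.sh has exited. The script name `acme-batch.sh`, the `MARKER` and `REPO_DIR` paths, the commit message and the function names are assumptions.

```shell
#!/bin/sh
# Added example: batch every renewal from one `acme.sh --cron` run into one commit.
# MARKER, REPO_DIR and all function names are hypothetical, not part of acme.sh.

MARKER="${MARKER:-$HOME/.acme.sh/renewed.flag}"   # assumed location, private to the user
REPO_DIR="${REPO_DIR:-$HOME/certs-repo}"          # assumed path of the git checkout

# Body of the renew hook. It runs once per renewed certificate, so it only
# records that something changed and never touches git.
record_renewal() {
    printf '%s\n' "${1:-renewed}" >> "$MARKER"
}

# Run the given command once if any renewal was recorded.
# Returns 0 after a successful publish, 1 if nothing was renewed, and 2 if the
# command failed (the marker is kept so the next run retries).
publish_if_renewed() {
    [ -s "$MARKER" ] || return 1
    "$@" || return 2
    rm -f "$MARKER"
}

# One commit and push covering every certificate renewed in this run.
commit_certs() {
    git -C "$REPO_DIR" add -A &&
    git -C "$REPO_DIR" commit -m "Renew certificates" &&
    git -C "$REPO_DIR" push
}

case "${1:-}" in
    hook)   # registered with: --renew-hook "/path/to/acme-batch.sh hook"
        record_renewal "${2:-}" ;;
    cron)   # replaces the direct acme.sh call in the crontab entry
        "$HOME/.acme.sh/acme.sh" --cron --home "$HOME/.acme.sh/$PROJECT_NAME" > /dev/null
        publish_if_renewed commit_certs || [ "$?" -eq 1 ]
        ;;
esac
```

Because the marker survives a failed push, a network error on one night leaves the renewed files to be committed by the next run.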