Need Help to fix my script to renew certificate

I have created a simple bash script to renew my certbot certificates. When I run the script, it asks me to press 2 to continue.
I want to add this answer to my bash script. Can someone help me to add 2 and continue automatically? Here is my script below.

#!/bin/bash

certbot certonly --rsa-key-size 4096 --standalone --agree-tos --no-eff-email --email malik.chand@hotmail.com -d mydomain.com

echo "Your VPN Certificate Is Genrated This Certificate Will be Expire After 90 Day Date $(date "+%Y-%m-%d %H:%M:%S")" | mail -s "IKEv2 Certificate" malik.chand@hotmail.com

yes | rm /etc/strongswan/swanctl/x509/fullchain.pem

yes | rm /etc/strongswan/swanctl/private/privkey.pem

yes | rm /etc/strongswan/ipsec.d/cacerts/chain.pem

cp /etc/letsencrypt/live/mydomain.com/fullchain.pem /etc/strongswan/swanctl/x509/fullchain.pem

cp /etc/letsencrypt/live/mydomain.com/privkey.pem /etc/strongswan/swanctl/private/privkey.pem

cp /etc/letsencrypt/live/mydomain.com/chain.pem /etc/strongswan/ipsec.d/cacerts/

exit

1 Like

How about instead of all that:

You try your script with this one time:
certbot renew -d mydomain.com

1 Like

If that fails, then you should show:

  • the menu choices shown when you need to "press 2"
  • the output of: certbot certificates
  • the renewal config file that this cert is handled by
    [found at /etc/letsencrypt/renewal/{mydomain.com}.conf]
1 Like

Thank you for your response. Actually, my scenario is pretty different: the certificate I need to renew is a security certificate used for an Internet Key Exchange server. What I want is to create a bash script and set it up as a cron job on a 60-day schedule, so it will be a piece of cake.

1 Like

Although you might want to handle many of these steps in the script, certbot already handles many of them for you.
There are built-in -pre and -post execution script hooks.
And a -deploy-hook that only gets executed when the cert is actually renewed.

Everything you need, certbot can do for you.

LE only offers one certificate type DV.
And it can be used for many things - like VPN.

There is no need to re-invent this perfectly working wheel.

1 Like

Yes, you are right. This script is working perfectly and does not have any issue. If I run this script manually, it asks me the question “press 2 to renew”.
I want to add verbal to my script that can answer the question and renew the certificate.

1 Like

To clarify, certbot will still need to call a script that sends you an email and copies the files for you:

But that script will only be called when a new script is issued.

1 Like
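
The script the reply above describes, one that certbot calls only after a new certificate is issued, could look like the following. This is an added example, not code from any poster in the thread; the hook path, `DEST_ROOT` and `MAIL_TO` are assumptions, and the destination paths are the ones from the original script.

```shell
#!/bin/bash
# Added example, not from the thread: a certbot deploy hook.
# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/mydomain.com)
# and RENEWED_DOMAINS to a --deploy-hook, and runs it only after a renewal.
# Cron then only needs (hook path is hypothetical):
#   certbot renew -q --cert-name mydomain.com \
#       --deploy-hook /usr/local/sbin/strongswan-deploy.sh

# Destination tree from the original script; override for a scratch run.
DEST_ROOT="${DEST_ROOT:-/etc/strongswan}"
MAIL_TO="${MAIL_TO:-root}"   # assumption: local mailbox that gets the notice

# Copy under a temporary name in the target directory, then rename, so the
# destination is never half-written and the mode is set before it is visible.
install_atomic() {
    local mode="$1" src="$2" dst="$3" tmp
    tmp="$(mktemp "${dst}.XXXXXX")" || return 1
    if install -m "$mode" "$src" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

deploy_cert() {
    local live="$1" root="$2" f
    # Check all three sources first, so a broken lineage cannot leave a new
    # certificate installed next to the old private key.
    for f in fullchain.pem privkey.pem chain.pem; do
        [ -s "$live/$f" ] || { echo "missing or empty: $live/$f" >&2; return 1; }
    done
    install_atomic 0644 "$live/fullchain.pem" "$root/swanctl/x509/fullchain.pem" &&
    install_atomic 0600 "$live/privkey.pem" "$root/swanctl/private/privkey.pem" &&
    install_atomic 0644 "$live/chain.pem" "$root/ipsec.d/cacerts/chain.pem"
}

# Do nothing unless certbot invoked this file as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_cert "$RENEWED_LINEAGE" "$DEST_ROOT" || exit 1
    echo "Certificate for ${RENEWED_DOMAINS:-?} renewed and deployed on $(date '+%Y-%m-%d %H:%M:%S')" |
        mail -s "IKEv2 Certificate" "$MAIL_TO"
fi
```

strongSwan only picks up the new files once its credentials are reloaded; that step is not shown in the thread and is left out here.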

I hear what you are asking but you are overcomplicating an already solved (non)problem.

You are trying to run certbot non-interactively while running it interactively.
There is no need to try to fool certbot to think you are actually typing at the keyboard.
It can work completely on its own.

1 Like

Allow me to show you.
Let's start with the contents of this file:
/etc/letsencrypt/renewal/{mydomain.com}.conf

1 Like

Thank you for your help. I'm sorry if I'm trying to be over-smart; I'm actually not a web developer, so please ignore any nonsense.

2 Likes

Just trust that we are here to best help you.
You will get all that you need.

1 Like

I really appreciate it; no doubt the response is astonishing.

2 Likes

OK, please show the output of:
cat /etc/letsencrypt/renewal/{mydomain.com}.conf

[I don't have the exact file name]

1 Like

here is below

renew_before_expiry = 30 days

version = 1.10.1

archive_dir = /etc/letsencrypt/archive/mydomain.com

cert = /etc/letsencrypt/live/mydomain.com/cert.pem

privkey = /etc/letsencrypt/live/mydomain.com/privkey.pem

chain = /etc/letsencrypt/live/mydomain.com/chain.pem

fullchain = /etc/letsencrypt/live/mydomain.com/fullchain.pem

Options used in the renewal process

[renewalparams]

account = 18277e74207c6d95b83fd75496a9731f

rsa_key_size = 4096

authenticator = standalone

manual_public_ip_logging_ok = None

server = https://acme-v02.api.letsencrypt.org/directory

1 Like

Your command called for:

certbot [that will be called]
certonly [implied by lack of installer and standalone authenticator used]
--rsa-key-size 4096
--standalone
--agree-tos [taken from account]
--no-eff-email [taken from account]
--email malik.chand@hotmail.com [taken from account]
-d mydomain.com

[I've crossed out all the lines that already exist in that file]

So you see there is nothing special/unknown/required of that command request.
Even the cron job timer of 60 days is covered by the "30 days" expiry.

1 Like

Now please show the output of:
certbot certificates

Do not delete lines - you can hide the domain (I don't care)

1 Like

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Found the following certs:
Certificate Name: mydomain.com
Serial Number: 4b4ac2df666da0572fa4716f4b4e888eaf8
Key Type: RSA
Domains: mydomain.com
Expiry Date: 2021-04-11 08:48:13+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/mydomaim.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/mydomain.com/privkey.pem


1 Like

If there were other certs and there was a name overlap situation...
You could call certbot renew with:
--cert-name "mydomain.com"
And it would know exactly which cert you are talking about.

In this case, there is only one cert, so there is no name conflict.
But it is better to prepare for the future possibilities and use the --cert-name parameter.

1 Like

Thank you so much for your time. Really appreciated the way you explained.

2 Likes