This is currently my renew script which I run daily via crontab.
if $renewpath renew --dry-run >> "$log/renew.log"
then
    echo "---------- LetsEncrypt Renew - Passed ---------- $now ----------" >> "$log/renew.log"
else
    echo "---------- LetsEncrypt Renew - Failed ---------- $now ----------" >> "$log/renew.log"
    # send the failure mail first; with exit placed before it, the mail command was never reached
    echo -e $(cat /LetsEncrypt-Scripts/email-templates/renewal-failed.template) | mail -s "$(echo -e "LetsEncrypt Renewal - Failed\nContent-Type: text/html")" -a "From: $emailfrom" "$emailto"
    exit
fi
What it does is send an email if the renew fails; what I want is for it to also send an email if a renewal happens, but at the moment even if a certificate is skipped it passes. Is there a status code I could use, and if so how could I implement it (or if anyone has a better suggestion on this, I would appreciate it)?
Idea: Probably there isn’t a status code, but you could inspect the certificate with e.g. stat and if it’s new send email about that.
Another idea: Completely separate script, just looks at all your certificates and checks none have < 10 days left on them then emails “Hooray, all certificates are safe for another week”. If you don’t get the email, time to investigate. This is very fail safe, if there’s a bug in the script, or the disks fail or the mail server crashes or the power to the building goes off, you don’t get that mail, time to investigate. Whereas ensuring you’d always get a message saying “Something is wrong” is much harder to achieve.
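The separate heartbeat check suggested above, as an added example that is not part of the original posts. It assumes certbot's default /etc/letsencrypt/live/<name>/cert.pem layout and the `mail` command and `$emailto` variable from the question's script; the `--send` switch and the function names are made up for this sketch.

```shell
#!/bin/sh
# Heartbeat: mail "all good" only when every certificate has enough life left.
# No mail at all (script bug, dead disk, dead mail server) is the alarm.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"  # assumed certbot default layout
MIN_DAYS="${MIN_DAYS:-10}"                     # threshold from the post above

# Print the number of cert.pem files found under directory $1.
count_certs() {
    n=0
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        n=$((n + 1))
    done
    echo "$n"
}

# Print every cert.pem under $1 that expires within $2 days or is unreadable.
expiring_certs() {
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        # -checkend exits non-zero if the cert expires within N seconds
        openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$cert" \
            >/dev/null 2>&1 || echo "$cert"
    done
}

# Succeed only if at least one certificate was found and none is expiring.
# Zero certificates (e.g. an unmounted volume) counts as a failure.
heartbeat_ok() {
    [ "$(count_certs "$1")" -gt 0 ] && [ -z "$(expiring_certs "$1" "$2")" ]
}

main() {
    if heartbeat_ok "$LIVE_DIR" "$MIN_DAYS"; then
        echo "All certificates are valid for at least $MIN_DAYS more days." |
            mail -s "LetsEncrypt heartbeat - OK" "${emailto:?set emailto}"
    fi
    # deliberately silent otherwise: the missing mail is the signal
}

# Hypothetical switch so the functions can be loaded without sending mail.
if [ "${1:-}" = "--send" ]; then
    main
fi
```

Run it from cron with `--send` at the interval you expect the mail, for example weekly.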
There are a number of options. 0.5.0 introduced hooks which are called when certificates are renewed:
You could also inspect the output of the renew run and use that to determine your action. For example:
OUT=$($renewpath renew 2>&1)  # capture the output of the renew run
if [ $? -eq 0 ]; then
    if grep -q "Congratulations!" <<<"$OUT"; then
        : # certificates renewed successfully
    else
        : # certificates not due for renewal
    fi
else
    : # error during renewal
fi