Script for sending certbot renew fail log via email

Hi Friends,
by running daily the certbot renew via Cron, has anyone among you ever made a script that is responsible for sending an email to the administrator only in case of error?
Or does certbot have this feature natively?

Many thanks!

Davide

Hello @danjde,

Cron by default sends and email (you can use MAILTO variable to specify the e-mail address if you don’t want to be send to root or the user who owns the crontab entry) if the script/command executed leaves an output (standard or error output) so create your crontab entry adding the certbot’s --quiet parameter.

certbot renew --quiet

This quiet parameter silences all output except errors so you will only receive an email if something is wrong executing certbot renew command.

Cheers,
sahsanu

1 Like

Thanks @sahsanu or your help!
Could be right this bash script (setting cron MAILTO variable)?

#!/bin/bash
# script modificato per invio di email solo in caso di errori (cron MAILTO variable)
/usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet >> /var/log/certbot-renew.log
exit 0

Thanks again!

Davide

Hi @danjde,

Sorry for the delay but I didn’t see your reply.

I see no reason to create a script to do that, simply add a new entry to root’s crontab.

Edit root’s crontab:

crontab -e

Add this line:

23 */12 * * * /usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet

Or if you want to specify a mail address, add on top of file a MAILTO variable:

MAILTO="youruser@domain.tld"
23 */12 * * * /usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet

Save the file and that’s all, the script will run twice every day, at 12:23 and 00:23 and it will send a mail to you only if there are some kind of error.

Note: Adding this redirection >> /var/log/certbot-renew.log will do nothing because your are redirecting (appending) the standard output to a file, but --quiet parameter is silencing the standard output of certbot command so you only have an empty /var/log/certbot-renew.log file ;).

I hope this helps.

Cheers,
sahsanu

1 Like

Don’ worry, how you can see I’m still alive :smiley:

Thanks for your reply that answer perfectly to my question!

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.