Script for sending certbot renew fail log via email

danjde · November 20, 2017, 5:54pm

Hi Friends,
by running daily the certbot renew via Cron, has anyone among you ever made a script that is responsible for sending an email to the administrator only in case of error?
Or does certbot have this feature natively?

Many thanks!

Davide

sahsanu · November 20, 2017, 7:21pm

Hello @danjde,

Cron by default sends and email (you can use MAILTO variable to specify the e-mail address if you don’t want to be send to root or the user who owns the crontab entry) if the script/command executed leaves an output (standard or error output) so create your crontab entry adding the certbot’s --quiet parameter.

certbot renew --quiet

This quiet parameter silences all output except errors so you will only receive an email if something is wrong executing certbot renew command.

Cheers,
sahsanu

danjde · November 21, 2017, 4:57pm

Thanks @sahsanu or your help!
Could be right this bash script (setting cron MAILTO variable)?

#!/bin/bash
# script modificato per invio di email solo in caso di errori (cron MAILTO variable)
/usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet >> /var/log/certbot-renew.log
exit 0

Thanks again!

Davide

sahsanu · November 23, 2017, 8:29am

Hi @danjde,

Sorry for the delay but I didn’t see your reply.

I see no reason to create a script to do that, simply add a new entry to root’s crontab.

Edit root’s crontab:

crontab -e

Add this line:

23 */12 * * * /usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet

Or if you want to specify a mail address, add on top of file a MAILTO variable:

MAILTO="youruser@domain.tld"
23 */12 * * * /usr/bin/certbot renew --renew-hook "/usr/sbin/service apache2 reload" --quiet

Save the file and that’s all, the script will run twice every day, at 12:23 and 00:23 and it will send a mail to you only if there are some kind of error.

Note: Adding this redirection >> /var/log/certbot-renew.log will do nothing because your are redirecting (appending) the standard output to a file, but --quiet parameter is silencing the standard output of certbot command so you only have an empty /var/log/certbot-renew.log file ;).

I hope this helps.

Cheers,
sahsanu

danjde · November 23, 2017, 4:13pm

Don' worry, how you can see I'm still alive

Thanks for your reply that answer perfectly to my question!

system · December 23, 2017, 4:13pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Send mail when renew certificat Help	4	1152	May 9, 2017
Cron output as information [solved] Feature Requests	4	1628	September 21, 2017
Renew Script with if and email Help	4	2605	June 27, 2016
Certbot command fails from cronjob, but works fine when I run it manually Help	9	1960	May 28, 2021
Renew notice after create a cron job Issuance Tech	3	1548	January 23, 2017

Script for sending certbot renew fail log via email

Related topics