Synchronise certificates onto a backup/failover server

This is a recurrent problem and as topics discussing this problem are closed here I come to share a small script that can help.

It can still do with many improvements but it seems to work.

TODO: add a check to see if certs are less than 2 month old

1 Like

Since you're targeting Certbot users, you should look into Fabric for future improvements.

Fabric is a Python library that lets you automate bash commands like this, and also do things like ssh'ing into the remote server to restart the web services. I use it a lot with multi-node systems.

(If Certbot runs on a system, Fabric can too.)


Sounds like it makes sense, but I know nothing of Python, I am typescript dev.

I hate bash... but like the fact it's every were and I wrote this script precisely to help me take over a old Ubuntu that apt is broken... still bash is there :wink:

I think I should specify that a smart way of using this script is via it's letsencrypt-sync-renewal-hook-helper.bash companion script updating a central server behind any of the fronline boxes, central server then updating all of the fronline machines.