Mirabellette.eu

A blog about digital independence and autonomy

Example scripts to automatically renew web certificates with Let's Encrypt

Written by Mirabellette / 13 October 2017

Hello everyone,

I know it has been a very long time since I posted an article, but life is life. ^^
Today, I wanted to share two scripts I used to renew my web certificates with Let's Encrypt. I know there is a lot of documentation about that, but it could help some of you save some time.

Generating web certificates with a specific domain name

The script reads the given file line by line and ignores the lines which begin with # or are ----------. These symbols are used in the file to make it easier to read. Each remaining line is one of the domain names or subdomains I manage. I just have to add a new one to this list to be sure the certificate for this new domain name will be automatically renewed.

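#!/bin/bash
# file : /root/certs/renew-webcert.sh
# Renew all certificates which are in the given file
logFile="/var/log/renew-cert.log"

# First argument: path of the file listing one domain name per line
serverName="$1"
while IFS= read -r c ; do
 # Skip empty lines, comment lines (#...) and separator lines (----------)
 if [[ -n "${c}" && "${c}" != "#"* ]]; then
  if [[ "${c}" != "----------" ]]; then
   echo "$c"
   # Log the command, then run it; stdin is /dev/null so it cannot consume the rest of the list
   echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a "$logFile"
   /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d "$c" --rsa-key-size 4096 --uir --redirect < /dev/null
  fi
 fi
done < "$serverName"
service apache2 restart
echo "service apache2 restart"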


# file : /root/certs/serverName
toto.example.org
#titi.example.org
----------
tata.example.org

To use this one, I create a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName
Warning: make sure that /root/certs/renew-webcert.sh is executable (chmod 700).

A single web certificate with multiple domain names

The second one is very similar to the first one. The main difference is that it creates a single certificate covering multiple domain names, and it reads the domain names from a file whose name is set in the script rather than given as a parameter.

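#!/bin/bash
# file : /root/certs/renew-webcert-mirabellette.sh
logFile="/var/log/renew-cert-mirabellette.log"

# Absolute path, so the list is found whatever directory cron starts the script in
serverName="/root/certs/server-name-mirabellette"
# Build the command as an array so that every argument stays a separate word
cmdRenew=(/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect)
while IFS= read -r domainName ; do
 # Skip empty lines, comment lines (#...) and separator lines (----------)
 if [[ -n "${domainName}" && "${domainName}" != "#"* ]]; then
  if [[ "${domainName}" != "----------" ]]; then
   echo "$domainName"
   cmdRenew+=(-d "$domainName")
  fi
 fi
done < "$serverName"

# Log the full command, then run it
echo "${cmdRenew[*]}" | tee -a "$logFile"
"${cmdRenew[@]}"
service apache2 restart
echo "service apache2 restart"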


# file : /root/certs/server-name-mirabellette
blog.mirabellette.eu
privatebin.mirabellette.eu
#lufi.mirabellette.eu

To use this one, I create a cron task which runs the script each month:
0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning: make sure that /root/certs/renew-webcert.sh is executable (chmod 700).
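
Both scripts place each line of the list file on the letsencrypt-auto command line, which cron runs as root, so a mistyped entry (a stray space, a line starting with a dash, a Windows line ending) becomes an argument to that command. The following is an added example, not one of the author's scripts: a POSIX shell filter for the same list format that only lets plain DNS names through. The function names is_valid_domain, read_domains and sample_list are hypothetical, and the sample list is constructed.

```shell
#!/bin/sh
# Added example, not from the original article: parse the domain list used by
# the renewal scripts and reject lines that are not plain DNS names.

# is_valid_domain NAME: succeeds only for a multi-label DNS host name.
is_valid_domain() {
    name=$1
    [ "${#name}" -le 253 ] || return 1            # DNS limit on the full name
    case $name in
        *[!A-Za-z0-9.-]*) return 1 ;;             # spaces, quotes, slashes, ...
        -*|*-|.*|*.|*..*|*.-*|*-.*) return 1 ;;   # option-like names, empty or hyphen-edged labels
        *.*) return 0 ;;                          # at least two labels
        *) return 1 ;;                            # empty or single-label name
    esac
}

# read_domains FILE: print the usable names, one per line.
# Rejected lines are reported on stderr; the return code is 1 if there were any.
read_domains() {
    rejected=0
    while IFS= read -r line || [ -n "$line" ]; do    # also read a last line without newline
        line=$(printf '%s' "$line" | tr -d '\r')     # tolerate Windows line endings
        case $line in
            ''|'#'*|----------) continue ;;          # blank, comment, separator
        esac
        if is_valid_domain "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected: %s\n' "$line" >&2
            rejected=1
        fi
    done < "$1"
    return "$rejected"
}

# Constructed sample in the article's list format, with two malformed lines.
sample_list() {
    printf '%s\n' 'toto.example.org' '#titi.example.org' '----------' '' \
        '--redirect' 'tata.example.org extra'
    printf 'tata.example.org\r\n'                    # entry saved with CRLF
}

# Demo: prints toto.example.org and tata.example.org, reports the two bad lines.
tmp=$(mktemp)
sample_list > "$tmp"
read_domains "$tmp" || echo "list contains invalid lines: fix it before renewing" >&2
rm -f "$tmp"
```

In the renewal scripts, the loop can read the output of read_domains instead of the raw file and skip the renewal when it returns 1.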

I hope this article gave you some ideas for easily managing the renewal of your web certificates.
