LetsEncrypt: add cron job renew script - for certificate autorenew

NethServer Version: 7.0
Module: nethserver-letsencrypt

Hello,

I am looking for automatic certificate renewal via the nethserver-letsencrypt module on NethServer 7.0. I found this doc below:

https://docs.nethserver.org/projects/nethserver-devel/en/latest/nethserver-letsencrypt.html

1.) My question now is how to use the cron job in practice: for example, can I just create a bash/shell script as explained above and run it every 29 or 30 days to auto-renew the certificate?

2.) I also found this config file on NethServer under this pwd; do I have to change or update any information in that script, or can I just use it as it is?

/usr/libexec/nethserver/letsencrypt-certs

```perl
#!/usr/bin/perl

use esmith::ConfigDB;
use esmith::HostsDB;
use File::stat;
use esmith::event;
use Getopt::Std;

my $cdb = esmith::ConfigDB->open();
my $ddb = esmith::HostsDB->open_ro();

my $crtdir = "/etc/letsencrypt/";
my $crtdir_backup = "/etc/letsencrypt.autobackup/";
my $lebin = "/usr/bin/certbot";
my $config = "";
my $verbose = 0;
my $testing = 0;
my $force = 0;
our $mail = '';
our $modified = 0;
# Certificate for FQDN
our @domains = ();

# On INT/TERM put the real certificate dir back (matters in -t mode)
$SIG{INT} = \&restore;
$SIG{TERM} = \&restore;

sub restore {
    if ( -d $crtdir_backup) {
        # restore backup cert dir
        if ($verbose) {
            print "Restoring $crtdir\n";
        }
        system("rm -rf $crtdir");
        system("mv $crtdir_backup $crtdir");
    }
}

sub renew {
    my $domains = shift;    # array reference to the domain list

    my $opts = " certonly --webroot --webroot-path /var/www/html/ --text --non-interactive --agree-tos ";
    if (!$mail) {
        $opts .= " --register-unsafely-without-email ";
    } else {
        $opts .= " --email $mail ";
    }

    # file paths: the live cert is named after the first domain
    my $crt = $crtdir."/live/".lc($domains->[0])."/cert.pem";

    # read the date of certificate link before renewal
    my $tmp = stat($crt);
    my $before = defined($tmp) ? $tmp->mtime : 0;

    my $cmd = "$lebin $opts";

    foreach (@$domains) {
        $cmd .= " -d $_ ";
    }

    if ($force) {
        $cmd .= " --force-renewal ";
    }

    if ($testing) {
        $cmd .= " --test-cert ";
    }

    if (!$verbose) {
        $cmd .= " --quiet >/dev/null";
    } else {
        $cmd .= " -v ";
        print $cmd."\n";
    }
    my $ret = system($cmd);

    if ($testing) {
        restore();
        exit $ret>>8;
    }

    # read the date of certificate link after renewal
    $tmp = stat($crt);
    my $after = defined($tmp) ? $tmp->mtime : 0;

    # a changed mtime means certbot actually issued a new certificate
    if ($before != $after) {
        $modified++;
    }
}

sub help {
    print "Usage: $0 [-h] [-f] [-d] [-v] [-t] [-e]\n";
    print "\nOptions:\n";
    print "  -h : show this help\n";
    print "  -f : force certificate renew\n";
    print "  -d : comma-separated list of domains,\n";
    print "       if not set read from config db pki[LetsEncryptDomains]\n";
    print "  -v : verbose\n";
    print "  -t : testing, enable staging CA\n";
    print "  -e : use given mail for registration\n";
}

my %options=();
getopts("hvtfd:e:", \%options);

# make sure certificate dir exists
if ( ! -d $crtdir) {
    mkdir($crtdir);
}

if (defined $options{h}) {
    help();
    exit 0;
}

if (defined $options{v}) {
    $verbose = 1;
}

if (defined $options{f}) {
    $force = 1;
}

if (defined $options{t}) {
    $testing = 1;

    # move the existing cert dir aside; restore() puts it back afterwards
    system("mv $crtdir $crtdir_backup");
}

if (defined $options{d}) {
    foreach (split(',', $options{d})) {
        push(@domains, $_);
    }
}

if (defined $options{e}) {
    $mail = $options{e};
} else {
    $mail = $cdb->get_prop('pki','LetsEncryptMail') || '';
}

# read domains from pki prop
if (!@domains) {
    my $le_domains = $cdb->get_prop('pki','LetsEncryptDomains') || '';
    if ($le_domains) {
        foreach (split(',', $le_domains)) {
            push(@domains, $_);
        }
    }
}

if (!@domains) {
    exit 0;
}

# Renew certificate for all domains
renew(\@domains);

if ($modified > 0) {
    if ($verbose) {
        print "Executing certificate-update event\n";
    }
    if(esmith::event::event_signal('certificate-update') == 0) {
        exit 1;
    }
}

exit 0;
```

Thanks in advance,

George

Hi again,

After running the renewal command manually, I get this in the log file below:

/var/log/letsencrypt/letsencrypt.log

I suppose it's OK, but it doesn't get renewed because the renewal date hasn't arrived yet.

George

Also, it looks like NethServer itself puts the auto-renewal script in the cron.daily tasks.


@taxiarxos

Hi

You're right in that sense: NethServer usually handles all LetsEncrypt updates automatically, without problems.

If there is an issue, it's usually because of naming problems (DNS), or because the folder or service (HTTP) isn't accessible from the internet.

My 2 cents
Andy

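A pre-flight check for the two failure causes Andy names (DNS and HTTP reachability of the webroot), added here as an example; it is not NethServer's code. It assumes the `/var/www/html/` webroot that the letsencrypt-certs script passes to certbot and that it runs on the NethServer host; `resolve` and `fetch` are injectable so it can be tested without network access.

```python
"""Pre-flight check for webroot (HTTP-01) renewals: each domain must resolve in
DNS and serve http://<domain>/.well-known/acme-challenge/<token> from the
webroot certbot is pointed at (/var/www/html in letsencrypt-certs)."""
import os
import secrets
import socket
import urllib.request

WEBROOT = "/var/www/html"  # --webroot-path used by letsencrypt-certs (assumed)
CHALLENGE_DIR = ".well-known/acme-challenge"


def http_fetch(url, timeout=10):
    """Plain HTTP GET returning (status, body); swapped for a fake in tests."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.status, resp.read().decode("utf-8", "replace")


def preflight(domains, webroot=WEBROOT, resolve=socket.gethostbyname,
              fetch=http_fetch, write=True):
    """Return {domain: None if OK, else a short reason}. A random token is
    written under the webroot (skipped when write=False) and fetched through
    each domain name over plain HTTP, the way the CA's validator does."""
    token = secrets.token_urlsafe(16)
    probe_path = os.path.join(webroot, CHALLENGE_DIR, token)
    if write:
        os.makedirs(os.path.dirname(probe_path), exist_ok=True)
        with open(probe_path, "w") as fh:
            fh.write(token)
    results = {}
    try:
        for domain in domains:
            try:
                resolve(domain)  # the name must exist in public DNS
            except OSError as exc:
                results[domain] = f"DNS: {exc}"
                continue
            try:
                status, body = fetch(f"http://{domain}/{CHALLENGE_DIR}/{token}")
            except OSError as exc:  # refused, timed out, HTTP error status
                results[domain] = f"HTTP: {exc}"
                continue
            if status != 200 or body.strip() != token:
                results[domain] = f"HTTP: status {status}, probe token not served"
            else:
                results[domain] = None
    finally:
        if write and os.path.exists(probe_path):
            os.remove(probe_path)
    return results
```

Run it with the same domain list as `pki[LetsEncryptDomains]`; any entry that is not `None` is a reason the daily renewal will keep failing.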

Perfect!

Thank you so much Andy!