Certbot SSL Renewal Script
I have a subdomain for a while that’s secured for free via certbot, but I was still manually refreshing the certificate every 45 days because that subdomain also runs an Nginx proxy. I hadn’t automated this renewal because the Nginx proxy can’t be up during certificate renewal; renewal depends on being able to run on port 80 and 443. (Certbot does this in order to confirm domain ownership.)
I’d been mulling over a complicated setup using Docker and containers until I gave up and just wrote a shell script (ash in this case since the server is running Alpine):
#!/bin/ash
set -e
service nginx stop
certbot renew --standalone
service nginx start
which I trigger once a month from cron
:
# min hour day month weekday command
0 2 1 * * /root/renew.sh
Note that certbot renew --standalone
requires running certbot manually at least once for every domain that the server hosts.
Is this portable and will it work for multiple servers? No. Do I care? Not at this time. Is this perfect? Nothing ever is.
Just one of those things that I can’t believe it took me this long to automate.