04.01.16

Bash script – Letsencrypt certificate Auto Renewal

Like us, you may be a fan of https://letsencrypt.org/ and use their free SSL certificates.

Letsencrypt provides many ways to install a certificate. However, as far as I know, there is NO script / command line for auto renewal.

Generate and install https certificate with letsencrypt

If you have never installed Let's Encrypt before, you can follow this quick tutorial:
git clone https://github.com/letsencrypt/letsencrypt
Move into the Let's Encrypt directory
cd letsencrypt
Then generate the SSL certificate
./letsencrypt-auto --renew-by-default --agree-tos -d MYDOMAIN.TLD --authenticator webroot --webroot-path "/home/MYDOMAIN.TLD/public_html/" --email MYMAIL@MYDOMAIN.TLD --server https://acme-v01.api.letsencrypt.org/directory auth

On Apache > 2.2 you can do it quickly / easily
./letsencrypt-auto --renew-by-default --agree-tos -d MYDOMAIN.TLD --email MYMAIL@MYDOMAIN.TLD --server https://acme-v01.api.letsencrypt.org/directory auth
Now your certificate files are located in:
/etc/letsencrypt/live/
You can install them on Apache by adding this config:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/MYDOMAIN.TLD/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/MYDOMAIN.TLD/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/MYDOMAIN.TLD/chain.pem

Script for let’s encrypt SSL certificates auto renewal

As you may know, all certificates are only valid for 3 months. Therefore, you need to renew them once every three months. Ouch!

Here’s the way for automating it 😉

Create a config file
nano /PathToLetsencrypt/letsencrypt/cli.ini
And insert your settings
email=MYMAIL@MYDOMAIN.TLD
server=https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-tos

Then create the script
nano /PathToLetsencrypt/letsencrypt/cron.sh
#!/bin/bash

LETSENCRYPT_DIRECTORY="/PathToLetsencrypt/letsencrypt/"
CONFIG_PATH="/PathToLetsencrypt/letsencrypt/cli.ini"

echo "
################
# Script Start #
################"
# We display date
date

# Stop here if the letsencrypt directory is missing
cd "$LETSENCRYPT_DIRECTORY" || exit 1

# Associative array: domain name => webroot path
declare -A DOMAINS
# you can add more elements
DOMAINS["MYDOMAIN.TLD"]="/home/MYDOMAIN.TLD/public_html/"
DOMAINS["MYDOMAIN2.TLD"]="/home/MYDOMAIN2.TLD/public_html/"

for i in "${!DOMAINS[@]}"
do
    # domain name
    domain=$i
    # domain path
    path=${DOMAINS[$domain]}

    echo -e "\nDomain $i : \n############################################"
    # run command
    result=$(./letsencrypt-auto --config "${CONFIG_PATH}" -d "${domain}" --authenticator webroot --webroot-path "${path}" certonly)
    echo "${result}"

    # display command
    #echo "./letsencrypt-auto --config ${CONFIG_PATH} -d ${domain} --authenticator webroot --webroot-path ${path} certonly";
done

echo "Reload Apache"
/etc/init.d/apache2 reload

# We display date
echo "End of script"
date

Make it executable
chmod +x /PathToLetsencrypt/letsencrypt/cron.sh

Add a cron task that runs every month. All's fine now.
1 1 1 * * /PathToLetsencrypt/letsencrypt/cron.sh >> /PathToLetsencrypt/letsencrypt/cron.log
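
The cron script above renews every domain on each run and reloads Apache whatever the outcome. As an added example (not part of the original script or the letsencrypt project), this POSIX sh variant renews only certificates within 30 days of expiry and reloads Apache only after a successful renewal; the 30-day window, the `--run` switch and the function names are assumptions made here.

```shell
#!/bin/sh
# Added example, not the article's cron.sh. Paths are the article's placeholders.
LE_DIR="/PathToLetsencrypt/letsencrypt"
LIVE_DIR="/etc/letsencrypt/live"
RENEW_WINDOW=$((30 * 24 * 3600))   # assumption: renew when under 30 days remain

# True (0) if the certificate is missing or expires within RENEW_WINDOW seconds.
cert_expires_soon() {
    cert="$LIVE_DIR/$1/cert.pem"
    [ -f "$cert" ] || return 0
    # -checkend exits non-zero when the certificate will have expired by then
    ! openssl x509 -checkend "$RENEW_WINDOW" -noout -in "$cert" >/dev/null 2>&1
}

# Renew one domain with the same command the article's script runs.
renew_one() {
    "$LE_DIR/letsencrypt-auto" --config "$LE_DIR/cli.ini" -d "$1" \
        --authenticator webroot --webroot-path "$2" certonly
}

# Reads "domain webroot" pairs on stdin; sets RENEWED and FAILED.
# Returns non-zero if any renewal failed.
renew_due() {
    RENEWED=0
    FAILED=0
    while read -r domain webroot; do
        [ -n "$domain" ] || continue
        cert_expires_soon "$domain" || continue
        # </dev/null keeps the client from eating the rest of the domain list
        if renew_one "$domain" "$webroot" </dev/null; then
            RENEWED=$((RENEWED + 1))
        else
            FAILED=$((FAILED + 1))
            echo "renewal FAILED for $domain" >&2
        fi
    done
    [ "$FAILED" -eq 0 ]
}

# Only act when called as: cron.sh --run
if [ "${1:-}" = "--run" ]; then
    status=0
    renew_due <<EOF || status=$?
MYDOMAIN.TLD /home/MYDOMAIN.TLD/public_html/
MYDOMAIN2.TLD /home/MYDOMAIN2.TLD/public_html/
EOF
    # Reload Apache only when a new certificate was actually installed
    if [ "$RENEWED" -gt 0 ]; then /etc/init.d/apache2 reload; fi
    exit "$status"
fi
```

Because certificates that are not yet due are skipped, the job can be scheduled more often than once a month without forcing a renewal on every run.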

 

Available on Github:
https://github.com/sutunam/letsencrypt-autorenew

I hope I have been of some help. Do not hesitate to give us your feedback.

About Christophe