Contact us

categories

04.01.16

Bash script – Letsencrypt certificate Auto Renewal

Server Maintenance Tools

You may like us – some https://letsencrypt.org/ lovers who use their free ssl certificates.

Letsencrypt provides many ways to install certificate. However, as far as I know, there is NO  script / command line for auto renewal.

Generate and install https certificate with letsencrypt

If you have never installed let’s encrypt before, you could follow this quick tutorial below:
git clone https://github.com/letsencrypt/letsencrypt
Gain access into let’s Encrypt directory
cd letsencrypt
Then generate ssl certificate
./letsencrypt-auto --renew-by-default --agree-tos -d MYDOMAINE.TLD --authenticator webroot --webroot-path "/home/MYDOMAIN.TLD/public_html/" --email MYMAIL@MYDOMAIN.TLD --server https://acme-v01.api.letsencrypt.org/directory auth

On apache > 2.2 you can do it quickly / easily
./letsencrypt-auto --renew-by-default --agree-tos -d MYDOMAINE.TLD --email MYMAIL@MYDOMAIN.TLD --server https://acme-v01.api.letsencrypt.org/directory auth
Now your certificates files are located in:
SSLCertificateFile /etc/letsencrypt/live/
You can install them on apache by adding this config:
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/MYDOMAINE.TLD/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/MYDOMAINE.TLD/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/MYDOMAINE.TLD/chain.pem

Script for let’s encrypt SSL certificates auto renewal

As you may know all certificates are only valid for 3 months. Therefore, you need to renew them once every three months. Ouch!

Here’s the way for automating it 😉

Create a config file
nano /PathToLetsencrypt/letsencrypt/cli.ini
And insert your infos
email=MYMAIL@MYDOMAIN.TLD
server=https://acme-v01.api.letsencrypt.org/directory
renew-by-default
agree-tos

Then create the script
nano /PathToLetsencrypt/letsencrypt/cron.sh
#!/bin/bash

LETSENCRYPT_DIRECTORY=”>/PathToLetsencrypt/letsencrypt/”
CONFIG_PATH=”>/PathToLetsencrypt/letsencrypt/cli.ini”

echo ”
################
# Script Start #
################”
# We display date
date

cd LETSENCRYPT_DIRECTORY

#array domains
declare -A DOMAINS
#you can add more elements
DOMAINS[“MYDOMAIN.TLD”]=”/home/MYDOMAIN.TLD/public_html/”
DOMAINS[“MYDOMAIN2.TLD”]=”/home/MYDOMAIN2.TLD/public_html/”

for i in “${!DOMAINS[@]}”
do
#domain name
domain=$i
#domain path
path=${DOMAINS[$domain]};

echo -e “\nDomain $i : \n############################################”
#run command
result=$(./letsencrypt-auto –config ${CONFIG_PATH} -d ${domain} –authenticator webroot –webroot-path ${path} certonly)
echo “${result}”

#display command
#echo “./letsencrypt-auto –config ${CONFIG_PATH} -d ${domain} –authenticator webroot –webroot-path ${path} certonly”;
done

echo “Reload Apache”
/etc/init.d/apache2 reload

# We display date
echo “End of script”
date

Make it executable
chmod +x /root/letsencrypt/cron.sh

Add a cron task every month. All’s fine now.
1 1 1 * * /PathToLetsencrypt/letsencrypt/cron.sh >> /PathToLetsencrypt/letsencrypt/cron.log

 

Available on Github:
https://github.com/sutunam/letsencrypt-autorenew

I hope I have been of some help. Do not hesitate to give us your feedback.

About Christophe

You need to drag a widget into your sidebar in the WordPress Admin

  • Scalable Drupal architecture Sep 20, 2016 Deploying Scalable Drupal: Tous au Restaurant 2016 Nowadays we work on all kinds of applications, from CMS, Symfony framework to eCommerce applications (like Magento 2) and everything in between. I’d like to come back on one of the most popular CMS applications we encounter: Drupal, and how […] Read more
    • Jan 4, 2016 Virtualmin + Lets encrypt: How to automate / script it If you use virtualmin and prefer to do it with let’s encrypt, my quick (and little dirty) script may help you. Be sure to check this related article: Automatically renew lets encrypt script bash In general, you can create a […] Read more