...

Automatic certificate renewal uses a cronjob to run the update command twice a day.

1. Ensure the following command returns successfully. It does not make any changes. It will be used in the cronjob to update the certificate when it needs renewal.

Code Block (bash): Testing Automatic Update Command
user@ls:/var/www# sudo ./certbot-auto --config /etc/letsencrypt/configs/ls.datim4u.org.conf certonly --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Cert not due for renewal, but simulating renewal for dry run
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for cert.test2.ohie.org
Using the webroot path /var/www/html for all unmatched domains.
Waiting for verification...
Cleaning up challenges
Generating key (4096 bits): /etc/letsencrypt/keys/0009_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0009_csr-certbot.pem
IMPORTANT NOTES:
 - The dry run was successful.


2. Create a bash script that runs when a certificate is renewed and updates the certificates recorded in the OpenHIM system.

...

Code Block (bash): update_OpenHIM.sh
In Progress


3. Create a bash script which will be run by a cronjob.

...

Code Block (bash): renewal_cronjob.sh
#!/bin/bash
## navigate to the directory containing ./certbot-auto; stop if it is missing
cd /path/to/certbot-auto || exit 1
## check if the certificate is expiring soon and renew it if needed
##   -n ensures a noninteractive session
##   --renew-hook command only fires if a certificate is renewed
sudo ./certbot-auto --config /etc/letsencrypt/configs/cert.test2.ohie.org certonly --renew-hook "/bin/certbot_renewal/update_OpenHIM.sh" -n
exit 0


4. Create a cronjob to run twice a day, once at 1:00 AM and once at 1:00 PM.

...
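
A pre-deploy check that the renew hook from step 3 could run before it hands the new certificate to OpenHIM, added here as an example (it is not the page's update_OpenHIM.sh): it confirms the renewed certificate matches its private key and is not about to expire. It assumes certbot exports RENEWED_LINEAGE to renew hooks and that the directory holds cert.pem and privkey.pem; the function names are hypothetical.

```shell
#!/bin/bash
# Added example: sanity checks for a certbot renew hook.
# Assumptions: certbot sets RENEWED_LINEAGE to the live/<name> directory of the
# renewed certificate, and that directory contains cert.pem and privkey.pem.

# Return 0 if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# verify_lineage DIR [MIN_DAYS]
# 0 = safe to deploy, 2 = files missing,
# 4 = certificate/key mismatch, 5 = certificate expires within MIN_DAYS.
verify_lineage() {
    local dir="$1" min_days="${2:-30}"
    local cert="$dir/cert.pem" key="$dir/privkey.pem"
    [ -r "$cert" ] && [ -r "$key" ] || return 2
    cert_matches_key "$cert" "$key" || return 4
    cert_valid_for_days "$cert" "$min_days" || return 5
    return 0
}

# Run the checks only when certbot invoked this script as a hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    rc=0
    verify_lineage "$RENEWED_LINEAGE" 30 || rc=$?
    if [ "$rc" -ne 0 ]; then
        # A non-zero exit keeps a bad certificate out of the downstream system.
        echo "renewed certificate in $RENEWED_LINEAGE failed check $rc" >&2
        exit "$rc"
    fi
    echo "renewed certificate in $RENEWED_LINEAGE passed pre-deploy checks"
fi
```
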