Note to myself about let's encrypt auto-renew: Put letsencrypt in /etc/cron.weekly, edit the services that need to be restarted. The first snippet is for a relatively modern, systemd-enabled, system (Ubuntu 16.04), the second snippet target an ancient system (Ubuntu 14.04): The script assumes that the letsencrypt tool in installed (via Ubuntu PPA).

Recent systems:

#!/bin/sh
letsencrypt renew --pre-hook "systemctl stop apache2" --post-hook "systemctl start apache2"
res=$(find /etc/letsencrypt/live/ -type l -mtime -1)
if [ -n "$res" ]; then
  echo "letsencrypt: new keys"
  systemctl restart apache2
  systemctl restart postfix
  systemctl restart dovecot
else
  echo "letsencrypt: nothing to do"
fi

Ancient systems:

#!/bin/sh
letsencrypt renew --pre-hook "/etc/init.d/apache2 stop" --post-hook "/etc/init.d/apache2 start"
res=$(find /etc/letsencrypt/live/ -type l -mtime -1)
if [ -n "$res" ]; then
  echo "letsencrypt: new keys"
  /etc/init.d/apache2 restart
  #/etc/init.d/postfix restart
  #/etc/init.d/dovecot restart
else
  echo "letsencrypt: nothing to do"
fi

posted at: 10:37 | path: /configuration | permanent link