Thank you Eric!
On Wed, Apr 27, 2022 at 2:23 PM Eric Broch <[email protected]> wrote:
> This is one gets all the certs as well as the qt mail cert as well
>
> #!/bin/bash
>
> mailcert () {
>
> cat /etc/letsencrypt/live/$1/privkey.pem
> /etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> cp ./servercert.pem /var/qmail/control/servercert.pem
> systemctl reload dovecot
> qmailctl stop && sleep 2 && qmailctl start
> }
>
> LOG=/var/log/certs.log
> days=100
>
> today=`date`
> today=`date --date="$today" --utc +%s`
> certdir=/etc/letsencrypt/live
> certfile=fullchain.pem
>
> qtcertdom=`openssl x509 -noout -subject -in
> /var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
>
> for certdom in `ls $certdir`
> do
> [[ "$certdom" = "README" ]] && continue
> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
> notAfter | sed 's/notAfter=//'`
> off=`date --date="$exp" --utc +%s`
> diff=$(( (off - today)/86400 ))
> echo "Certificate Domain: $certdom, Days to expire: $diff"
> echo ""
> if [ $diff -le $days ]
> then
> certbot renew --cert-name $certdom
> systemctl reload httpd
> [ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
> fi
> done
>
> exit 0
>
> On 4/27/2022 2:59 PM, Remo Mattei wrote:
> > Thank you!
> >
> >> On Apr 27, 2022, at 13:43, Eric Broch <[email protected]> wrote:
> >>
> >> This is the correct procedure for creating file updcerts.sh :
> >>
> >> cat <<'EOL'>> updcerts.sh
> >> #!/bin/bash
> >>
> >> mailcert () {
> >> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
> ./servercert.pem
> >> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> >> cp ./servercert.pem /var/qmail/control/servercert.pem
> >> systemctl reload dovecot
> >> qmailctl stop && sleep 2 && qmailctl start
> >> }
> >>
> >> LOG=/var/log/certs.log
> >> days=3
> >> today=`date`
> >> today=`date --date="$today" --utc +%s`
> >> certdir=/etc/letsencrypt/live
> >> certfile=fullchain.pem
> >>
> >> for certdom in `ls $certdir`
> >> do
> >> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
> grep notAfter | sed 's/notAfter=//'`
> >> off=`date --date="$exp" --utc +%s`
> >> diff=$(( (off - today)/86400 ))
> >> echo "Certificate Domain: $certdom, Days to expire: $diff"
> >> echo ""
> >> if [ $diff -le $days ]
> >> then
> >> certbot renew --cert-name $certdom
> >> systemctl reload httpd
> >> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
> >> fi
> >> done
> >> exit 0
> >> EOL
> >>
> >> On 4/27/2022 2:18 PM, Eric Broch wrote:
> >>> I run updcert.sh every night (set 'days=X', which is the number of
> days before expiration at which time the certificate will be updated):
> >>>
> >>> cat updcert.sh <<EOL
> >>>
> >>> #!/bin/bash
> >>>
> >>> mailcert () {
> >>> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
> ./servercert.pem
> >>> cp -p /var/qmail/control/servercert.pem
> /var/qmail/control/servercert.pem.bak
> >>> cp ./servercert.pem /var/qmail/control/servercert.pem
> >>> systemctl reload dovecot
> >>> qmailctl stop && sleep 2 && qmailctl start
> >>> }
> >>>
> >>> LOG=/var/log/certs.log
> >>> days=3
> >>>
> >>> today=`date`
> >>> today=`date --date="$today" --utc +%s`
> >>> certdir=/etc/letsencrypt/live
> >>> certfile=fullchain.pem
> >>>
> >>> for certdom in `ls $certdir`
> >>> do
> >>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
> grep notAfter | sed 's/notAfter=//'`
> >>> off=`date --date="$exp" --utc +%s`
> >>> diff=$(( (off - today)/86400 ))
> >>> echo "Certificate Domain: $certdom, Days to expire: $diff"
> >>> echo ""
> >>> if [ $diff -le $days ]
> >>> then
> >>> certbot renew --cert-name $certdom
> >>> systemctl reload httpd
> >>> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
> >>> fi
> >>> done
> >>>
> >>> exit 0
> >>>
> >>> EOL
> >>>
> >>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
> >>>> Hi David, can you share your config maybe I ping you offlinee.
> >>>>
> >>>> Remo
> >>>>
> >>>>> On Apr 26, 2022, at 23:55, David Bray <[email protected]> wrote:
> >>>>>
> >>>>> I'm using Letsencrypt and it renews every - well not sure, is it
> 10/11 weeks - the certs are valid for 3 months
> >>>>>
> >>>>> It never has an issue with iOS
> >>>>>
> >>>>> Cheers
> >>>>>
> >>>>> David Bray
> >>>>> e. [email protected]
> >>>>>
> >>>>> April 27, 2022 1:47 AM, "Remo Mattei" <[email protected]> wrote:
> >>>>>
> >>>>>> Hello guys,
> >>>>>> I got a few of my customers that every year after the upgrade of
> the SSL cert do have issues and
> >>>>>> shows cert expired or not valid. I did not have the issue on my
> iOS, but I just wonder if anyone
> >>>>>> has seen that and how they planned to overcome to this issue.
> >>>>>>
> >>>>>> Thanks,
> >>>>>> Remo
> >>>>>>
> ---------------------------------------------------------------------
> >>>>>> To unsubscribe, e-mail:
> [email protected]
> >>>>>> For additional commands, e-mail:
> [email protected]
> >>>>> ---------------------------------------------------------------------
> >>>>> To unsubscribe, e-mail:
> [email protected]
> >>>>> For additional commands, e-mail:
> [email protected]
> >>>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail:
> [email protected]
> >>>> For additional commands, e-mail:
> [email protected]
> >>>>
> >>> ---------------------------------------------------------------------
> >>> To unsubscribe, e-mail: [email protected]
> >>> For additional commands, e-mail:
> [email protected]
> >>>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: [email protected]
> >> For additional commands, e-mail:
> [email protected]
> >>
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [email protected]
> For additional commands, e-mail: [email protected]
>
>
