make sure to change the 'days' setting to 2 or 3.
On 4/27/2022 3:38 PM, Benjamin Baez wrote:
Thank you Eric!
On Wed, Apr 27, 2022 at 2:23 PM Eric Broch <[email protected]>
wrote:
This is one gets all the certs as well as the qt mail cert as well
#!/bin/bash
mailcert () {
cat /etc/letsencrypt/live/$1/privkey.pem
/etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
cp ./servercert.pem /var/qmail/control/servercert.pem
systemctl reload dovecot
qmailctl stop && sleep 2 && qmailctl start
}
LOG=/var/log/certs.log
days=100
today=`date`
today=`date --date="$today" --utc +%s`
certdir=/etc/letsencrypt/live
certfile=fullchain.pem
qtcertdom=`openssl x509 -noout -subject -in
/var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
for certdom in `ls $certdir`
do
[[ "$certdom" = "README" ]] && continue
exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile
| grep
notAfter | sed 's/notAfter=//'`
off=`date --date="$exp" --utc +%s`
diff=$(( (off - today)/86400 ))
echo "Certificate Domain: $certdom, Days to expire: $diff"
echo ""
if [ $diff -le $days ]
then
certbot renew --cert-name $certdom
systemctl reload httpd
[ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
fi
done
exit 0
On 4/27/2022 2:59 PM, Remo Mattei wrote:
> Thank you!
>
>> On Apr 27, 2022, at 13:43, Eric Broch <[email protected]>
wrote:
>>
>> This is the correct procedure for creating file updcerts.sh :
>>
>> cat <<'EOL'>> updcerts.sh
>> #!/bin/bash
>>
>> mailcert () {
>> cat
/etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
<http://mail.whitehorsetc.com/privkey.pem>
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem
<http://mail.whitehorsetc.com/fullchain.pem> > ./servercert.pem
>> cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> systemctl reload dovecot
>> qmailctl stop && sleep 2 && qmailctl start
>> }
>>
>> LOG=/var/log/certs.log
>> days=3
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>> certdir=/etc/letsencrypt/live
>> certfile=fullchain.pem
>>
>> for certdom in `ls $certdir`
>> do
>> exp=`openssl x509 -dates -noout <
$certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'`
>> off=`date --date="$exp" --utc +%s`
>> diff=$(( (off - today)/86400 ))
>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> echo ""
>> if [ $diff -le $days ]
>> then
>> certbot renew --cert-name $certdom
>> systemctl reload httpd
>> [ "$certdom" = "mail.whitehorsetc.com
<http://mail.whitehorsetc.com>" ] && mailcert
>> fi
>> done
>> exit 0
>> EOL
>>
>> On 4/27/2022 2:18 PM, Eric Broch wrote:
>>> I run updcert.sh every night (set 'days=X', which is the
number of days before expiration at which time the certificate
will be updated):
>>>
>>> cat updcert.sh <<EOL
>>>
>>> #!/bin/bash
>>>
>>> mailcert () {
>>> cat
/etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
<http://mail.whitehorsetc.com/privkey.pem>
/etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem
<http://mail.whitehorsetc.com/fullchain.pem> > ./servercert.pem
>>> cp -p /var/qmail/control/servercert.pem
/var/qmail/control/servercert.pem.bak
>>> cp ./servercert.pem /var/qmail/control/servercert.pem
>>> systemctl reload dovecot
>>> qmailctl stop && sleep 2 && qmailctl start
>>> }
>>>
>>> LOG=/var/log/certs.log
>>> days=3
>>>
>>> today=`date`
>>> today=`date --date="$today" --utc +%s`
>>> certdir=/etc/letsencrypt/live
>>> certfile=fullchain.pem
>>>
>>> for certdom in `ls $certdir`
>>> do
>>> exp=`openssl x509 -dates -noout <
$certdir/$certdom/$certfile | grep notAfter | sed 's/notAfter=//'`
>>> off=`date --date="$exp" --utc +%s`
>>> diff=$(( (off - today)/86400 ))
>>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>>> echo ""
>>> if [ $diff -le $days ]
>>> then
>>> certbot renew --cert-name $certdom
>>> systemctl reload httpd
>>> [ "$certdom" = "mail.whitehorsetc.com
<http://mail.whitehorsetc.com>" ] && mailcert
>>> fi
>>> done
>>>
>>> exit 0
>>>
>>> EOL
>>>
>>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
>>>> Hi David, can you share your config maybe I ping you offlinee.
>>>>
>>>> Remo
>>>>
>>>>> On Apr 26, 2022, at 23:55, David Bray <[email protected]>
wrote:
>>>>>
>>>>> I'm using Letsencrypt and it renews every - well not sure,
is it 10/11 weeks - the certs are valid for 3 months
>>>>>
>>>>> It never has an issue with iOS
>>>>>
>>>>> Cheers
>>>>>
>>>>> David Bray
>>>>> e. [email protected]
>>>>>
>>>>> April 27, 2022 1:47 AM, "Remo Mattei" <[email protected]> wrote:
>>>>>
>>>>>> Hello guys,
>>>>>> I got a few of my customers that every year after the
upgrade of the SSL cert do have issues and
>>>>>> shows cert expired or not valid. I did not have the issue
on my iOS, but I just wonder if anyone
>>>>>> has seen that and how they planned to overcome to this issue.
>>>>>>
>>>>>> Thanks,
>>>>>> Remo
>>>>>>
---------------------------------------------------------------------
>>>>>> To unsubscribe, e-mail:
[email protected]
>>>>>> For additional commands, e-mail:
[email protected]
>>>>>
---------------------------------------------------------------------
>>>>> To unsubscribe, e-mail:
[email protected]
>>>>> For additional commands, e-mail:
[email protected]
>>>>>
>>>>
---------------------------------------------------------------------
>>>> To unsubscribe, e-mail:
[email protected]
>>>> For additional commands, e-mail:
[email protected]
>>>>
>>>
---------------------------------------------------------------------
>>> To unsubscribe, e-mail:
[email protected]
>>> For additional commands, e-mail:
[email protected]
>>>
>>
---------------------------------------------------------------------
>> To unsubscribe, e-mail:
[email protected]
>> For additional commands, e-mail:
[email protected]
>>
>
>
---------------------------------------------------------------------
> To unsubscribe, e-mail:
[email protected]
> For additional commands, e-mail:
[email protected]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail:
[email protected]
