SSL Certificate Renewal Automation

The document describes a Bash script that automates renewal of an SSL certificate issued by Let's Encrypt. The script defines variables for the domain and email, checks if renewal is needed, renews the certificate if needed, and logs the process.
Automation for SSL Certificate Renewal: Post 4 of 5 [Script]

#!/bin/bash

# --------------------------------------------------------------------
# Script Name: ssh_certificate_lets_encrypt.sh
# Author: Shivam Agnihotri
# Date: (12 March 2024)
# Description: Validate and Renew SSL certificate using Let's Encrypt.
# --------------------------------------------------------------------

# Define domain and email variables
DOMAIN="devops-ocean.com"
EMAIL="[email protected]"

# Define the path to the Let's Encrypt client (certbot)
LE_SCRIPT="/usr/bin/certbot"

# Define the path to the SSL certificate (the full chain written by certbot;
# kept here for reference, the commands below do not read it)
CERTIFICATE_PATH="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"

# Define the path to the certificate renewal log file
LOG_FILE="/var/log/certbot-renewal.log"

# Check if the certificate needs renewal.
# Append (>>) instead of truncating (>) so earlier runs stay in the log.
if ! "$LE_SCRIPT" renew --dry-run >> "$LOG_FILE" 2>&1; then
    # Certificate needs renewal, execute renewal
    echo "$(date +"%Y-%m-%d %H:%M:%S") - Certificate for $DOMAIN needs renewal" >> "$LOG_FILE"

    # Execute certificate renewal and check whether it was successful
    if "$LE_SCRIPT" renew --noninteractive --agree-tos --email "$EMAIL" >> "$LOG_FILE" 2>&1; then
        echo "$(date +"%Y-%m-%d %H:%M:%S") - Certificate for $DOMAIN successfully renewed" >> "$LOG_FILE"
        # Restart web server to apply changes
        systemctl restart nginx
    else
        echo "$(date +"%Y-%m-%d %H:%M:%S") - Certificate renewal for $DOMAIN failed" >> "$LOG_FILE"
    fi
else
    # Certificate doesn't need renewal
    echo "$(date +"%Y-%m-%d %H:%M:%S") - Certificate for $DOMAIN is up to date, no renewal needed" >> "$LOG_FILE"
fi

Explanation

#!/bin/bash: This line is called a shebang and indicates that the script should be executed using the Bash shell.

Comments: Lines starting with # are comments and are ignored by the shell. They are used to provide information about the script, such as its purpose, author, and date.

Domain and Email Configuration:

The script begins by defining variables for the domain name (DOMAIN) for which the SSL certificate is issued and the email address (EMAIL) associated with the certificate.

Let's Encrypt Script Path:

The script specifies the path to the Let's Encrypt client (certbot). This program is responsible for certificate management, including renewal.

Certificate Path:

The path to the SSL certificate (CERTIFICATE_PATH) is defined. This is where Let's Encrypt typically stores the certificate files; the script defines it for reference and does not read it in the commands that follow.

Log File Path:

A path to a log file (LOG_FILE) is specified. This log file will contain information about the certificate renewal process.

Checking Certificate Renewal:

The script uses the --dry-run option with certbot to check if the certificate needs renewal. This option performs a test renewal without actually updating the certificate.

Certificate Renewal Process:

If the dry-run indicates that renewal is needed, the script executes the certificate renewal process non-interactively (--noninteractive), agreeing to the Let's Encrypt terms of service (--agree-tos) and providing the email address for notifications (--email).

Handling Renewal Outcome:

If the renewal process is successful, the script logs the event and restarts the web server to apply the changes.

If the renewal fails, the script logs the failure.

Logging:

Throughout the script, actions and outcomes are appended to the log file specified earlier. This helps in tracking the certificate renewal process and troubleshooting any issues.
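The check in the original script keys off the exit status of certbot renew --dry-run, which reports whether a simulated renewal succeeded rather than how close the certificate is to expiry. The script below is an added example, not the original post's code: it reads the notAfter date straight from the certificate with openssl, renews only when fewer than a threshold number of days remain, logs every decision with a timestamp, and validates the nginx configuration before reloading so a broken config cannot take the site down. The log path, threshold, domain and the --run guard are assumptions chosen for the example.

```bash
#!/usr/bin/env bash
# Added example (not the original post's script): expiry-based renewal check.
# Assumed values: LOG_FILE, RENEW_THRESHOLD_DAYS, DOMAIN; override them via the environment.
set -eu

LOG_FILE="${LOG_FILE:-/var/log/certbot-renewal.log}"   # assumed log path
RENEW_THRESHOLD_DAYS="${RENEW_THRESHOLD_DAYS:-30}"      # renew when <= 30 days remain
DOMAIN="${DOMAIN:-example.com}"                         # placeholder domain

# log <message>: append one timestamped line to the log file.
log() {
    printf '%s - %s\n' "$(date +"%Y-%m-%d %H:%M:%S")" "$1" >> "$LOG_FILE"
}

# days_remaining <notAfter> [now-epoch]: whole days until the given notAfter
# string (the format printed by "openssl x509 -enddate"), relative to now-epoch.
# Negative when the certificate has already expired. Uses GNU date -d.
days_remaining() {
    local not_after="$1"
    local now_epoch="${2:-$(date -u +%s)}"
    local expiry_epoch
    expiry_epoch=$(date -u -d "$not_after" +%s)
    echo $(( (expiry_epoch - now_epoch) / 86400 ))
}

# cert_days_remaining <pem-file>: days until the leaf certificate in the file expires.
cert_days_remaining() {
    local not_after
    not_after=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    days_remaining "$not_after"
}

# needs_renewal <days-remaining> <threshold-days>: succeed when renewal is due.
needs_renewal() {
    [ "$1" -le "$2" ]
}

# main: inspect the live certificate, renew only when due, reload nginx only
# after its configuration validates (reload keeps existing connections open,
# restart drops them).
main() {
    local cert="/etc/letsencrypt/live/$DOMAIN/fullchain.pem"
    local days
    days=$(cert_days_remaining "$cert")
    if needs_renewal "$days" "$RENEW_THRESHOLD_DAYS"; then
        log "Certificate for $DOMAIN expires in $days day(s); renewing"
        if certbot renew --non-interactive --quiet >> "$LOG_FILE" 2>&1; then
            log "Certificate for $DOMAIN successfully renewed"
            if nginx -t >> "$LOG_FILE" 2>&1; then
                systemctl reload nginx
            else
                log "nginx configuration test failed; reload skipped"
            fi
        else
            log "Certificate renewal for $DOMAIN failed"
        fi
    else
        log "Certificate for $DOMAIN valid for $days more day(s); no renewal needed"
    fi
}

# Run the check only when invoked as "script.sh --run" (for example from cron),
# so the functions can also be sourced and tested on their own.
if [ "${1:-}" = "--run" ]; then
    main
fi
```

Because the decision is made from the certificate itself, the log tells you how many days were left at each run, which is the number you actually want when tracing why a renewal did or did not happen.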

If you want to execute this script every Sunday at 6 pm, add a line like this to your crontab:

0 18 * * 0 /path/to/your/script.sh

You can customize it as per your need.

Explanation:

0: Minute (minute 0 of the hour; together with the hour field this gives 6:00 pm)
18: Hour (24-hour format; 18 corresponds to 6 pm)
*: Day of month (ignored since we specify day of week)
*: Month (ignored since we specify day of week)
0: Day of week (0 or 7 both represent Sunday)
/path/to/your/script.sh: The path to your script file

Follow Shivam Agnihotri on LinkedIn for useful DevOps Content.

Join DevOps Ocean Group: https://www.linkedin.com/groups/9189158/

If you are looking for a Dedicated 1:1 session with me to boost your DevOps
Productivity, then please book a session from here: https://topmate.io/shivam_agnihotri
