Renew certificates and notify on expiration
===========================================

[⬅️ Go back to main README](../README.md)

> ℹ️ **Info**: This script cannot be used on its own; it requires the base
> installation. See [main README](../README.md) for details.

Description
-----------

This script tries to download and renew certificates, then notifies about
certificates that are still about to expire.

### Sample notification

Requirements and installation
-----------------------------

Just install the script:

    $ScriptInstallUpdate check-certificates;

Configuration
-------------

For automatic download and renewal of certificates, set these parameters
in `global-config-overlay`:

* `CertRenewPass`: an array of passphrases to try
* `CertRenewTime`: the remaining time at which to try a renewal
* `CertRenewUrl`: the URL to download certificates from
* `CertWarnTime`: the remaining time at which to warn via notification

> ℹ️ **Info**: Copy relevant configuration from
> [`global-config`](../global-config.rsc) (the one without `-overlay`) to
> your local `global-config-overlay` and modify it to your specific needs.

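
A possible `global-config-overlay` fragment for the four parameters listed above, added here as an illustration and not taken from the project's `global-config`. The passphrases, URL and time values are constructed placeholders, and the `:global` assignment form is an assumption about how the project's configuration declares them.

```routeros
# Added example for global-config-overlay; every value is a constructed placeholder.

# Passphrases to try, as an array. The overlay stores them in clear
# text, so treat read access to this script like access to the keys.
:global CertRenewPass { "example-passphrase-1"; "example-passphrase-2" };

# Remaining time at which to try a renew. This example picks a value
# larger than CertWarnTime, so renewal is attempted before warnings start.
:global CertRenewTime 3w;

# The URL to download certificates from (placeholder host and path).
# Files there are named CN.pem or CN.p12, or by a subject alternative name.
:global CertRenewUrl "https://example.com/certificates/";

# Remaining time at which to warn via notification.
:global CertWarnTime 2w;
```
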
Certificates on the web server should be named by their common name, like
`CN.pem` (`PEM` format) or `CN.p12` (`PKCS#12` format). Alternatively any
subject alternative name (aka *Subject Alt Name* or *SAN*) can be used.

Notification settings are also required for
[e-mail](mod/notification-email.md),
[matrix](mod/notification-matrix.md) and/or
[telegram](mod/notification-telegram.md).

Usage and invocation
--------------------

Just run the script:

    /system/script/run check-certificates;

... or create a scheduler for periodic execution:

    /system/scheduler/add interval=1d name=check-certificates on-event="/system/script/run check-certificates;" start-time=startup;

Tips & Tricks
-------------

The script checks for full connectivity before acting, so scheduling at
startup is perfectly valid:

    /system/scheduler/add name=check-certificates@startup on-event="/system/script/run check-certificates;" start-time=startup;

See also
--------

* [Renew locally issued certificates](certificate-renew-issued.md)