This article was originally published on bmf-tech.com.
Overview
This post introduces a script for automatically renewing Let's Encrypt certificates. I had created it before, but due to various issues and changes in server environments, I couldn't leave a complete version, so I have summarized it again.
Environment
- nginx v1.12.0
※ This post does not cover the installation of Let's Encrypt or how to execute shell scripts.
Script
This script renews the certificate once a month regardless of its expiration (--force-renew) and sends a Slack notification of the renewal result (success or failure).
The Slack configuration values are managed in an external file.
#!/bin/sh
# Import config
. /home/bmf/scripts/conf/slack.conf
# Stop Nginx
/usr/sbin/service nginx stop
# POST
if ! /home/bmf/certbot/certbot-auto renew --force-renew ; then
sleep 15
# Slack Title
TITLE=${TITLE:-"Let's Encrypt更新エラー通知"}
# Slack Message
MESSAGE=${MESSAGE:-"証明書の更新に失敗しました。"}
#POST
curl -s -S -X POST --data-urlencode "payload={
\"channel\": \"${SL_CH_LETSENCRYPT}\",
\"username\": \"${SL_BOTNAME}\",
\"attachments\": [{
\"color\": \"danger\",
\"fallback\": \"${TITLE}\",
\"title\": \"${TITLE}\",
\"text\": \"${MESSAGE}\"
}]
}" ${SL_WEBHOOKURL} > /dev/null
else
sleep 15
# Slack Title
TITLE=${TITLE:-"Let's Encrypt更新完了通知"}
# Slack Message
MESSAGE=${MESSAGE:-"証明書を更新しました!"}
#POST
curl -s -S -X POST --data-urlencode "payload={
\"channel\": \"${SL_CH_LETSENCRYPT}\",
\"username\": \"${SL_BOTNAME}\",
\"attachments\": [{
\"color\": \"danger\",
\"fallback\": \"${TITLE}\",
\"title\": \"${TITLE}\",
\"text\": \"${MESSAGE}\"
}]
}" ${SL_WEBHOOKURL} > /dev/null
fi
# Start nginx
/usr/sbin/service nginx start
Results
If successful,
If failed,
It's nonsensical that it's red whether it succeeds or fails...
Top comments (0)