certhub-cert-expiry@.service
certhub-cert-expiry@.timer
A service which checks validity of a certificate read from the repository. Formats a message and writes it to a status file if the respective certificate is about to expire.
A timer unit which runs the service twice daily.
The instance name (systemd instance string specifier %i
) is used as the basename of the certificate file and the resulting status message.
CERTHUB_REPO
URL of the repository where certificates are stored. Defaults to: /var/lib/certhub/certs.git
CERTHUB_CERT_PATH
Path to the certificate file inside the repository. Defaults to: {WORKDIR}/%i.fullchain.pem
CERTHUB_CERT_EXPIRY_TTL
See manpage:certhub-cert-expiry(1), defaults to 30 days in seconds, i.e. 2592000
CERTHUB_CERT_EXPIRY_MESSAGE
Message written to the status file if certificate is about to expire. Defaults to Certificate will expire within 30 days
CERTHUB_CERT_EXPIRY_STATUSFILE
Location of status file written if a certificate is about to expire. Defaults to: /var/lib/certhub/status/%i.expiry.status
/etc/certhub/env
Optional environment file shared by all instances and certhub services.
/etc/certhub/%i.env
Optional per-instance environment file shared by all certhub services.
/etc/certhub/certhub-cert-expiry.env
Optional per-service environment file shared by all certhub service instances.
/etc/certhub/%i.certhub-cert-expiry.env
Optional per-instance and per-service environment file.
certhub-cert-expiry(1)
, certhub-format-message(1)
, certhub-status-file(1)