Automatic certificate renewal is useless if the services that use the certificate are not restarted.
- To have a service restarted after the certificate is renewed, use the "--restart" switch.
- --restart is followed by the command in quotes.
- example:
./cronic --restart "/usr/sbin/nginx -s reload"
- --restart commands can be added anytime, whether or not the certificate is renewed.
- --restart commands only need to be added once.
- The command will be run after a certificate is renewed.
- To remove a restart command:
crontab -e
- delete the line containing the command you wish to remove.
- cronic uses the certificate notAfter date to determine when to renew.
- renewal is scheduled for 5 days before certificate notAfter date.
- After the certificate is renewed, cronic automatically sets the next cron job.
- cronic has automatic Let's Encrypt certificate discovery.
- cronic supports multiple certificates with different renewal dates, on the same server.
- You can run cronic manually at any time; it won't break itself.
- These are the conditionals used by cronic.
- If the cert IS ready for renewal:
  - cert is renewed.
  - cron job created for next renewal at valid renewal time.
  - crontab displayed.
  - services are restarted to use the new certificate.
- If the cert is NOT ready for renewal:
  - Let's Encrypt is not contacted.
  - cron job installed for the valid renewal time.
  - crontab displayed.
- If the renewal process fails and renewal cannot be attempted:
  - error messages printed.
  - new cron job installed for four hours later.
  - crontab displayed.
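
The scheduling rule described above (renew 5 days before notAfter, retry four hours after a failure) can be sketched as follows. This is an added example, not code from cronic itself; the function names, the UTC assumption for the crontab fields, and the sample dates are assumptions.

```python
from datetime import datetime, timedelta, timezone

RENEW_BEFORE = timedelta(days=5)   # README: renew 5 days before notAfter
RETRY_AFTER = timedelta(hours=4)   # README: retry four hours after a failure


def parse_not_after(line):
    """Parse a line in the form printed by `openssl x509 -noout -enddate`."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value.endswith(" GMT"):
        raise ValueError(f"unexpected enddate line: {line!r}")
    # Drop the trailing " GMT" and attach UTC explicitly.
    stamp = datetime.strptime(value[:-4], "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)


def plan(not_after, now, renew_failed=False):
    """Return (action, next_run) for the three cases listed above."""
    if renew_failed:
        return "retry", now + RETRY_AFTER
    renew_at = not_after - RENEW_BEFORE
    if now >= renew_at:
        # Next run is derived from the new certificate's notAfter.
        return "renew", None
    return "wait", renew_at


def cron_fields(when):
    """Render a datetime as the five crontab time fields (UTC assumed)."""
    return f"{when.minute} {when.hour} {when.day} {when.month} *"


if __name__ == "__main__":
    # Constructed sample values, not output from a real certificate.
    expiry = parse_not_after("notAfter=Jun  1 12:00:00 2025 GMT")
    now = datetime(2025, 5, 20, 9, 30, tzinfo=timezone.utc)
    for failed in (False, True):
        action, when = plan(expiry, now, renew_failed=failed)
        print(action, cron_fields(when) if when else "-")
```

cron evaluates these fields in the system's local time zone, so a host that is not on UTC needs the time converted before the entry is written.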
- Of course it runs on OpenBSD.
- Also tested on Debian Sid.
- Python 3.6+
- openssl
- Any UNIX or Linux system using cron.
- certbot
- git clone the repo
git clone https://github.com/superkabuki/cronic
- chmod cronic/cronic
chmod +x cronic/cronic
- as root, run it.
cronic/cronic
- run it once and you're done.
- It doesn't matter if your cert is up for renewal or not, cronic will handle it.
- It doesn't matter how many certs you have, cronic will handle it.