superkabuki/cronic

cronic auto-renew for certbot

cronic now restarts services.

Automatic certificate renewal is useless if the services that use the certificate are not restarted.

To have a service restarted after the certificate is renewed, use the "--restart" switch with the service command to be restarted in quotes.

Example:

    ./cronic --restart "/usr/sbin/nginx -s reload"

Restart commands can be added anytime, whether or not the certificate is renewed.

Restart commands only need to be added once.

The restart command will be run every time a certificate is renewed.

To remove a restart command:

    crontab -e

Delete the line containing the command you wish to remove.



I am a HUGE fan of certbot.

I have always had a problem with companies charging hundreds of dollars for certs, and I used to self-sign certs for my mail servers, and that is a huge pain in the ass. My only issue is that I often forget to renew my certs in a timely manner. I've been using this for a couple of years and haven't even thought about my certs until just recently, when I deployed a new OpenBSD mail server: I ran certbot, got my cert, ran cronic and set a cron job, and I'm done.


certbot says:

image

cronic does it differently.

  • cronic uses the certificate notAfter date to determine when to renew.
  • Renewal is scheduled for 5 days before the certificate notAfter date.
  • After the certificate is renewed, cronic automatically sets the next cron job.
  • cronic has automatic Let's Encrypt certificate discovery.
  • cronic supports multiple certificates with different renewal dates on the same server.

cronic conditionals

  • You can run cronic manually at any time; it won't break itself.

  • These are the conditionals used by cronic.

  • If the cert is NOT ready for renewal:

    • Let's Encrypt is not contacted.
    • cron job installed for the valid renewal time.
    • crontab displayed.
  • If the cert is ready for renewal:

    • cert is renewed.
    • cron job created for next renewal at valid renewal time.
    • crontab displayed.
  • If the renewal process fails and renewal cannot be attempted:

    • error messages printed.
    • new cron job installed for four hours later.
    • crontab displayed.
  • Of course it runs on OpenBSD.

  • Also tested on Debian Sid.
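
The scheduling rule and the three conditionals above, worked through as an added Python example (not cronic's own code). It assumes the notAfter line comes from `openssl x509 -noout -enddate`; the sample line, the "now" value, the function names and the `/root/cronic/cronic` path are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

RENEW_BEFORE = timedelta(days=5)  # README: renew 5 days before notAfter
RETRY_AFTER = timedelta(hours=4)  # README: retry four hours after a failure


def parse_not_after(line):
    """Parse the 'notAfter=...' line printed by `openssl x509 -noout -enddate`."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value.endswith(" GMT"):
        raise ValueError(f"unexpected openssl output: {line!r}")
    # openssl pads single-digit days with a second space; collapse it
    stamp = " ".join(value[:-4].split())
    parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)


def next_run(not_after, now, renewal_failed=False):
    """Return (action, when) for the three cases in the README's list."""
    if renewal_failed:
        return "retry", now + RETRY_AFTER
    renew_at = not_after - RENEW_BEFORE
    if now >= renew_at:
        # caller renews, re-reads the new notAfter, then calls next_run again
        return "renew", now
    return "wait", renew_at


def cron_line(when, command, tz=None):
    """Five-field crontab entry. cron has no year field and uses local time,
    so convert the UTC timestamp first (tz=None means the system zone)."""
    local = when.astimezone(tz)
    return f"{local.minute} {local.hour} {local.day} {local.month} * {command}"


if __name__ == "__main__":
    sample = "notAfter=Jun  1 12:00:00 2025 GMT"  # constructed sample
    expiry = parse_not_after(sample)
    now = datetime(2025, 4, 1, 9, 30, tzinfo=timezone.utc)  # constructed "now"
    action, when = next_run(expiry, now)
    print(action, cron_line(when, "/root/cronic/cronic"))  # hypothetical path
```

Because a crontab entry carries no year, a stale line left in place would fire again twelve months later, which is why the old entry has to be replaced each time the next run is scheduled.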

cronic Requirements

  1. Python 3.6+
  2. openssl
  3. Any UNIX or Linux system using cron.
  4. certbot

Install cronic

  1. git clone the repo: git clone https://github.com/superkabuki/cronic
  2. chmod cronic/cronic: chmod +x cronic/cronic
  3. As root, run it: cronic/cronic
  4. Run it once and you're done.
    • It doesn't matter if your cert is up for renewal or not, cronic will handle it.
    • It doesn't matter how many certs you have, cronic will handle it.
