make renew hook executable; add systemd units and timer to renew certificates
This commit is contained in:
Philip Henning
parent
57845a3bdf
commit
428d5c288f
2 changed files with 32 additions and 0 deletions
0
scripts/cert_renew_hook.sh
Normal file → Executable file
0
scripts/cert_renew_hook.sh
Normal file → Executable file
|
|
@ -65,3 +65,35 @@ if [[ ! -d ./data/.lego ]]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Setup cronjob to automatically renew certificates
|
# Setup cronjob to automatically renew certificates
|
||||||
|
[[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.service ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.service && systemctl daemon-reload
|
||||||
|
[Unit]
|
||||||
|
Description=SSL Certificate renewal for sso.base23.de with LEGO
|
||||||
|
Documentation=https://go-acme.github.io/lego/
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=oneshot
|
||||||
|
ExecStart=/var/lib/apps/sso.base23.de/scripts/cert_renew.sh
|
||||||
|
WorkingDirectory=/var/lib/apps/sso.base23.de/
|
||||||
|
User=root
|
||||||
|
Group=root
|
||||||
|
RemainAfterExit=yes
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
|
EOF
|
||||||
|
|
||||||
|
[[ ! -f /etc/systemd/system/lego-renew-sso-base23-de.timer ]] && cat <<EOF > /etc/systemd/system/lego-renew-sso-base23-de.timer && systemctl daemon-reload && systemctl enable --now lego-renew-sso-base23-de.timer
|
||||||
|
[Unit]
|
||||||
|
Description=SSL Certificate renewal for sso.base23.de with LEGO Timer
|
||||||
|
|
||||||
|
[Timer]
|
||||||
|
OnCalendar=*-*-* 01:32:00
|
||||||
|
# add extra delay, here up to 1 hour:
|
||||||
|
RandomizedDelaySec=1h
|
||||||
|
Persistent=true
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=timers.target
|
||||||
|
EOF
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue