RE: [qmailtoaster] letsencrypt cert renewal commands

[CarlC Internet Services Service Desk]

I created one that after you run the renew, it will install it”

 

#!/bin/bash

#

# Script to copy lets encrypt files to the right area and restart the needed 
services.

#

# Initial concept by RCC 06/08.2018

#

# Test if the letsencrypt live cert.pem file was changed in the last 24 hours...

#

if test `find "/etc/letsencrypt/live/secure.carlc.com/cert.pem" -mmin +1440`

then

        echo "Cert file is older than 1440 test minutes (24 hours)... STOP!"

        exit

fi

echo "Get to work, New cert file is younger than 1440 minutes (24 hours)..."

#

#

# Dovecot just needs a restart as they are using the /etc/letsencrypt/live 
files already

#

/usr/sbin/service dovecot restart

#

# Qmail SMTP-SSL

#

# Create a new /var/qmail/control/servercert.pem-NEW

#

# NOTE: order is critical, start with private key, then URL cert, then any 
intermediate files.

#

cat /etc/letsencrypt/live/secure.carlc.com/privkey.pem > 
/var/qmail/control/servercert.pem-NEW

cat /etc/letsencrypt/live/secure.carlc.com/cert.pem >> 
/var/qmail/control/servercert.pem-NEW

cat /etc/letsencrypt/live/secure.carlc.com/chain.pem >> 
/var/qmail/control/servercert.pem-NEW

#

# Swap out files, move current to OLD then NEW to current

#

mv /var/qmail/control/servercert.pem /var/qmail/control/servercert.pem-OLD

mv /var/qmail/control/servercert.pem-NEW /var/qmail/control/servercert.pem

chmod 644 /var/qmail/control/servercert.pem

chown root.vchkpw /var/qmail/control/servercert.pem

#

# Need to restart QMAIL

#

/etc/rc.d/init.d/qmail restart

#

# Webmin (thank you QMAIL, we can use the new PEM file as it's the same format)

#

/usr/sbin/service webmin stop

cat /var/qmail/control/servercert.pem > /etc/webmin/miniserv.pem

/usr/sbin/service webmin start

#

#

#

 

Just change the secure.carlc.com to the name of your server/cert. This assumes 
you have dovecot using the /etc/letsencrypt/live files for SSL/TLS.

 

Carl

 

From: Biju Jose | WHITES Systems [mailto:b...@whitesindia.com] 
Sent: Tuesday, December 03, 2019 03:29 AM
To: qmailtoaster-list@qmailtoaster.com
Subject: RE: [qmailtoaster] letsencrypt cert renewal commands

 

Have you installed certbot ?

 

From: ChandranManikandan <kand...@gmail.com <mailto:kand...@gmail.com> > 
Sent: 03 December 2019 13:33
To: qmailtoaster-list@qmailtoaster.com 
<mailto:qmailtoaster-list@qmailtoaster.com> 
Subject: [qmailtoaster] letsencrypt cert renewal commands

 

Hi Friends,

 

I have installed letsencrypt on COS7 and i try to make cron job as per the 
below steps, but the cert renew and certbot folder are not there in /opt.

 

0 0 * * * /root /opt/certbot renew

 

Is any other way is there or did i made any mistake?

Anyone had the same problem?


 

-- 

Regards,
Manikandan.C