Thanks!
On Wed, Apr 27, 2022 at 2:41 PM Eric Broch <ebr...@whitehorsetc.com> wrote:
> make sure to change the 'days' setting to 2 or 3.
> On 4/27/2022 3:38 PM, Benjamin Baez wrote:
>
> Thank you Eric!
>
> On Wed, Apr 27, 2022 at 2:23 PM Eric Broch <ebr...@whitehorsetc.com>
> wrote:
>
>> This is one gets all the certs as well as the qt mail cert as well
>>
>> #!/bin/bash
>>
>> mailcert () {
>>
>> cat /etc/letsencrypt/live/$1/privkey.pem
>> /etc/letsencrypt/live/$1/fullchain.pem > ./servercert.pem
>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> systemctl reload dovecot
>> qmailctl stop && sleep 2 && qmailctl start
>> }
>>
>> LOG=/var/log/certs.log
>> days=100
>>
>> today=`date`
>> today=`date --date="$today" --utc +%s`
>> certdir=/etc/letsencrypt/live
>> certfile=fullchain.pem
>>
>> qtcertdom=`openssl x509 -noout -subject -in
>> /var/qmail/control/servercert.pem|sed 's/subject= \/CN=//'`
>>
>> for certdom in `ls $certdir`
>> do
>> [[ "$certdom" = "README" ]] && continue
>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile | grep
>> notAfter | sed 's/notAfter=//'`
>> off=`date --date="$exp" --utc +%s`
>> diff=$(( (off - today)/86400 ))
>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> echo ""
>> if [ $diff -le $days ]
>> then
>> certbot renew --cert-name $certdom
>> systemctl reload httpd
>> [ "$certdom" = "$qtcertdom" ] && mailcert $qtcertdom
>> fi
>> done
>>
>> exit 0
>>
>> On 4/27/2022 2:59 PM, Remo Mattei wrote:
>> > Thank you!
>> >
>> >> On Apr 27, 2022, at 13:43, Eric Broch <ebr...@whitehorsetc.com> wrote:
>> >>
>> >> This is the correct procedure for creating file updcerts.sh :
>> >>
>> >> cat <<'EOL'>> updcerts.sh
>> >> #!/bin/bash
>> >>
>> >> mailcert () {
>> >> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
>> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
>> ./servercert.pem
>> >> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> >> cp ./servercert.pem /var/qmail/control/servercert.pem
>> >> systemctl reload dovecot
>> >> qmailctl stop && sleep 2 && qmailctl start
>> >> }
>> >>
>> >> LOG=/var/log/certs.log
>> >> days=3
>> >> today=`date`
>> >> today=`date --date="$today" --utc +%s`
>> >> certdir=/etc/letsencrypt/live
>> >> certfile=fullchain.pem
>> >>
>> >> for certdom in `ls $certdir`
>> >> do
>> >> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
>> grep notAfter | sed 's/notAfter=//'`
>> >> off=`date --date="$exp" --utc +%s`
>> >> diff=$(( (off - today)/86400 ))
>> >> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> >> echo ""
>> >> if [ $diff -le $days ]
>> >> then
>> >> certbot renew --cert-name $certdom
>> >> systemctl reload httpd
>> >> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>> >> fi
>> >> done
>> >> exit 0
>> >> EOL
>> >>
>> >> On 4/27/2022 2:18 PM, Eric Broch wrote:
>> >>> I run updcert.sh every night (set 'days=X', which is the number of
>> days before expiration at which time the certificate will be updated):
>> >>>
>> >>> cat updcert.sh <<EOL
>> >>>
>> >>> #!/bin/bash
>> >>>
>> >>> mailcert () {
>> >>> cat /etc/letsencrypt/live/mail.whitehorsetc.com/privkey.pem
>> /etc/letsencrypt/live/mail.whitehorsetc.com/fullchain.pem >
>> ./servercert.pem
>> >>> cp -p /var/qmail/control/servercert.pem
>> /var/qmail/control/servercert.pem.bak
>> >>> cp ./servercert.pem /var/qmail/control/servercert.pem
>> >>> systemctl reload dovecot
>> >>> qmailctl stop && sleep 2 && qmailctl start
>> >>> }
>> >>>
>> >>> LOG=/var/log/certs.log
>> >>> days=3
>> >>>
>> >>> today=`date`
>> >>> today=`date --date="$today" --utc +%s`
>> >>> certdir=/etc/letsencrypt/live
>> >>> certfile=fullchain.pem
>> >>>
>> >>> for certdom in `ls $certdir`
>> >>> do
>> >>> exp=`openssl x509 -dates -noout < $certdir/$certdom/$certfile |
>> grep notAfter | sed 's/notAfter=//'`
>> >>> off=`date --date="$exp" --utc +%s`
>> >>> diff=$(( (off - today)/86400 ))
>> >>> echo "Certificate Domain: $certdom, Days to expire: $diff"
>> >>> echo ""
>> >>> if [ $diff -le $days ]
>> >>> then
>> >>> certbot renew --cert-name $certdom
>> >>> systemctl reload httpd
>> >>> [ "$certdom" = "mail.whitehorsetc.com" ] && mailcert
>> >>> fi
>> >>> done
>> >>>
>> >>> exit 0
>> >>>
>> >>> EOL
>> >>>
>> >>> On 4/27/2022 1:07 PM, Remo Mattei wrote:
>> >>>> Hi David, can you share your config maybe I ping you offlinee.
>> >>>>
>> >>>> Remo
>> >>>>
>> >>>>> On Apr 26, 2022, at 23:55, David Bray <da...@brayworth.com> wrote:
>> >>>>>
>> >>>>> I'm using Letsencrypt and it renews every - well not sure, is it
>> 10/11 weeks - the certs are valid for 3 months
>> >>>>>
>> >>>>> It never has an issue with iOS
>> >>>>>
>> >>>>> Cheers
>> >>>>>
>> >>>>> David Bray
>> >>>>> e. da...@brayworth.com
>> >>>>>
>> >>>>> April 27, 2022 1:47 AM, "Remo Mattei" <r...@mattei.org> wrote:
>> >>>>>
>> >>>>>> Hello guys,
>> >>>>>> I got a few of my customers that every year after the upgrade of
>> the SSL cert do have issues and
>> >>>>>> shows cert expired or not valid. I did not have the issue on my
>> iOS, but I just wonder if anyone
>> >>>>>> has seen that and how they planned to overcome to this issue.
>> >>>>>>
>> >>>>>> Thanks,
>> >>>>>> Remo
>> >>>>>>
>> ---------------------------------------------------------------------
>> >>>>>> To unsubscribe, e-mail:
>> qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >>>>>> For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >>>>>
>> ---------------------------------------------------------------------
>> >>>>> To unsubscribe, e-mail:
>> qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >>>>> For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >>>>>
>> >>>> ---------------------------------------------------------------------
>> >>>> To unsubscribe, e-mail:
>> qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >>>> For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >>>>
>> >>> ---------------------------------------------------------------------
>> >>> To unsubscribe, e-mail:
>> qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >>> For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >>>
>> >> ---------------------------------------------------------------------
>> >> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> >> For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >>
>> >
>> > ---------------------------------------------------------------------
>> > To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> > For additional commands, e-mail:
>> qmailtoaster-list-h...@qmailtoaster.com
>> >
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: qmailtoaster-list-unsubscr...@qmailtoaster.com
>> For additional commands, e-mail: qmailtoaster-list-h...@qmailtoaster.com
>>
>>
