Wrapper script to renew and push out Let's Encrypt SSL certs. Handles wildcard domains.
Rob Pearce 2d8ea1e8ec Merge remote-tracking branch 'refs/remotes/origin/master' 2022-07-28 19:37:26 +10:00
README.md Use restart instead of reload to cope with services where reload doesn't pick up new certs. 2022-07-28 19:34:33 +10:00
lehook.sh Merge remote-tracking branch 'refs/remotes/origin/master' 2022-07-28 19:37:26 +10:00

README.md

Overview

Script to automate management of letsencrypt SSL certificates, supporting wildcard certs.

Requirements

Features

  • Generation and renewal of SSL certificates using certbot
  • Handles DNS challenges
  • Supports wildcard certificates
  • Supports "silent master" DNS architectures
  • Pushes generated/renewed certificates out to web servers

Usage

# Generate configuration and scripts in ~/.lehook/
bash$ ./lehook.sh  -i
Creating config in /Users/rob/.lehook...
Creating hardlinks in /Users/rob/.lehook...
Init complete.  Files are in /Users/rob/.lehook.
Main binary in /usr/local/bin/lehook.sh.

# Usage
bash$ ./lehook.sh  -h
usage:  ./lehook.sh OPTIONS mode [domain1] ... [domainX]
       Pushes wildcard SSL certs for the given domains to hosts [default:  example.net].

       mode is one of:  deploy|renew|generate|test

      -c          Cron mode - only output if something is done.
      -f          Push out certs even if they haven't changed.
      -i          Iniitalise new config file in /Users/rpearce/.lehook/config
      -r remotes  Only push certs to the given remotes [default: webserver1 webserver2.example.org webserver3.example.net]
      -s services Only restart the given services [default: nginx httpd ngircd dovecot postfix]
      -d domain   Only push cert for given domain [default:  example.net].
      -q          Quiet mode - no output except errors
      -v          Verbose mode - show certbot output
      -h          Show this text.
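The usage text above describes a deploy step that pushes certs to a list of remotes, skips a remote when the cert it already holds is unchanged, and pushes regardless when -f is given. The script below is an added example of that "push only when changed" logic; it is not code from lehook.sh. The stamp-file layout, the RUN hook and the temp-dir demo input are assumptions made for this illustration; a real deployment would copy the cert and restart the services in place of the RUN hook (the repository's own commit note explains that some services need a restart rather than a reload to pick up new certs).

```shell
#!/bin/sh
# Added example, not part of lehook.sh. Decides per remote whether a cert
# needs pushing by comparing its checksum with the one recorded at the last
# push, mirroring the behaviour that the -f option overrides.
set -u

# Log to stderr so that deploy()'s stdout carries only its result.
log() {
    printf '%s\n' "$*" >&2
}

# Checksum of a cert file using POSIX cksum (present on Linux and macOS).
cert_checksum() {
    cksum "$1" | awk '{ print $1 }'
}

# needs_push CERT STAMP FORCE
# Succeeds (exit 0) when CERT should be pushed: FORCE=1, no stamp recorded
# yet for this remote, or the recorded checksum differs from the current one.
needs_push() {
    cert="$1"; stamp="$2"; force="${3:-0}"
    [ "$force" = 1 ] && return 0
    [ -f "$stamp" ] || return 0
    [ "$(cat "$stamp")" != "$(cert_checksum "$cert")" ]
}

# record_push CERT STAMP: remember which cert version this remote last got.
record_push() {
    cert_checksum "$1" > "$2"
}

# deploy CERT STAMPDIR FORCE REMOTE...
# Pushes CERT to each REMOTE that needs it and prints the number pushed.
# Stamp files live at STAMPDIR/<remote>.last (an assumed layout).
deploy() {
    cert="$1"; stampdir="$2"; force="$3"; shift 3
    pushed=0
    for remote in "$@"; do
        stamp="$stampdir/$remote.last"
        if needs_push "$cert" "$stamp" "$force"; then
            # A real deployment would scp the cert to $remote and restart the
            # affected services here; RUN is a hook so the example runs offline.
            "${RUN:-log}" "push $cert -> $remote"
            record_push "$cert" "$stamp"
            pushed=$((pushed + 1))
        fi
    done
    echo "$pushed"
}

# Constructed demo: a fake cert in a temp dir, deployed twice to two remotes.
demo_dir=$(mktemp -d)
printf 'fake-cert-v1\n' > "$demo_dir/fullchain.pem"
log "first run pushed:  $(deploy "$demo_dir/fullchain.pem" "$demo_dir" 0 webserver1 webserver2)"
log "second run pushed: $(deploy "$demo_dir/fullchain.pem" "$demo_dir" 0 webserver1 webserver2)"
rm -rf "$demo_dir"
```

The first run pushes to both remotes; the second pushes to none because the stamps match, which is the quiet steady state a cron-mode (-c) run relies on. Renewing the cert changes its checksum and triggers a push again, and passing 1 as the force argument reproduces -f.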