I have always had a problem with companies charging hundreds of dollars for certs, and I used to self-sign certs for my mail servers, and that was a huge pain in the ass. My only issue is that I often forget to renew my certs in a timely manner. I've been using this for a couple of years and haven't even thought about my certs until just recently, when I deployed a new OpenBSD mail server. I ran certbot, got my cert, ran cronic and set a cron job, and I'm done.
***I can't believe I spelled emphatically correctly, on the first try.
- cronic uses the certificate notAfter date to determine when to renew.
- renewal is scheduled for 5 days before certificate notAfter date.
- After the certificate is renewed, cronic automatically sets the next cron job.
- cronic has automatic Let's Encrypt certificate discovery.
- cronic supports multiple certificates with different renewal dates, on the same server.

If it's too early to renew the cert:
- Let's Encrypt is not contacted.
- cron job installed for the valid renewal time.
- crontab displayed.

If renewal fails:
- error messages printed.
- new cron job installed for four hours later.
- crontab displayed.

If renewal time is valid:
- cert is renewed.
- cron job created for next renewal at valid renewal time.
- crontab displayed.
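
The scheduling rules listed above, written out as an added Python example (this is not cronic's own code). It assumes the expiry is read from `openssl x509 -noout -enddate` output and that cron runs in UTC; the sample line and the command path are constructed placeholders.

```python
from datetime import datetime, timedelta, timezone

RENEW_BEFORE = timedelta(days=5)  # from the page: renew 5 days before notAfter
RETRY_AFTER = timedelta(hours=4)  # from the page: retry four hours after a failure


def parse_not_after(enddate_line):
    """Parse the line printed by `openssl x509 -noout -enddate`."""
    key, _, value = enddate_line.strip().partition("=")
    if key != "notAfter" or not value:
        raise ValueError("not an openssl enddate line: %r" % enddate_line)
    value = " ".join(value.split())  # openssl space-pads single-digit days
    parsed = datetime.strptime(value, "%b %d %H:%M:%S %Y GMT")
    return parsed.replace(tzinfo=timezone.utc)


def renewal_due(not_after, now):
    """True once `now` is inside the 5-day window before expiry."""
    return now >= not_after - RENEW_BEFORE


def next_job(not_after, now):
    """When cron should fire next, given the cert currently on disk.

    Too early, or just renewed: 5 days before notAfter.
    Renewal was due but the cert is unchanged (it failed): 4 hours from now.
    """
    renew_at = not_after - RENEW_BEFORE
    return renew_at if now < renew_at else now + RETRY_AFTER


def cron_line(when, command):
    """Crontab entry (minute hour day month weekday) firing at `when`."""
    return "%d %d %d %d * %s" % (when.minute, when.hour, when.day, when.month, command)


if __name__ == "__main__":
    sample = "notAfter=Jun  1 12:00:00 2025 GMT"  # constructed sample output
    expiry = parse_not_after(sample)
    command = "/path/to/cronic/cronic"  # placeholder path
    for now in (datetime(2025, 5, 1, tzinfo=timezone.utc),
                datetime(2025, 5, 28, 9, 30, tzinfo=timezone.utc)):
        print(now.isoformat(), "due:", renewal_due(expiry, now))
        print("  ", cron_line(next_job(expiry, now), command))
```
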

Of course it runs on OpenBSD.

Also tested on Debian Sid.

- Python 3.6+
- openssl
- Any UNIX or Linux system using cron.
- certbot

- git clone the repo: `git clone https://github.com/superkabuki/cronic`
- chmod cronic/cronic: `chmod +x cronic/cronic`
- as root, run it: `cronic/cronic`
- run it once and you're done.
- It doesn't matter if your cert is up for renewal or not, cronic will handle it.
- It doesn't matter how many certs you have, cronic will handle it.