
Openfire: How To Auto Renew Letsencrypt Certificate?

I would like to understand how to use certbot’s post-hook to automatically update certificates.

Having looked at the Certbot renew with post-hook documentation, it looks like I have to create a script and put it into the /etc/letsencrypt/renewal-hooks/post folder - is that right?

“You can also specify hooks by placing files in subdirectories of Certbot’s configuration directory. Assuming your configuration directory is /etc/letsencrypt, any executable files found in /etc/letsencrypt/renewal-hooks/pre, /etc/letsencrypt/renewal-hooks/deploy, and /etc/letsencrypt/renewal-hooks/post will be run as pre, deploy, and post hooks respectively when any certificate is renewed with the renew subcommand.”

I’m running OpenFire on a Raspberry Pi 3B/Raspbian Buster.

Would the following steps do the trick?:

sudo su
cd /etc/letsencrypt/renewal-hooks/post
nano copykeys.sh

Copy and paste:

cp /etc/letsencrypt/live/MY-DOMAIN/privkey.pem /resources/security/hotdeploy/my-domain-privkey.pem
cp /etc/letsencrypt/live/MY-DOMAIN/privkey.pem /resources/security/hotdeploy/my-domain-privkey.pem

(obviously I change MY-DOMAIN for my domain)
Save and exit:

Ctrl and then X, then Y, then Enter

Then make script executable:

chmod +x copykeys.sh

Thanks for any advice

That seems about right. You will need to have installed Openfire's certmanager plugin, which will monitor the hotdeploy directory.

There seems to be a copy/paste error in your copykeys script: it copies the same file twice. Instead, you will need to copy the private key as well as the certificate chain.
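
An added example, not part of the thread or of Openfire's documentation: a post hook that copies both the private key and the certificate chain, as the reply above describes. It assumes certbot's standard fullchain.pem file in the live directory; the target name my-domain-fullchain.pem, the OWNER variable and the helper function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): certbot post hook that hands BOTH the
# private key and the certificate chain to Openfire's hotdeploy directory.
set -eu

# Paths as written in the thread; MY-DOMAIN / my-domain are its placeholders.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live/MY-DOMAIN}"
HOTDEPLOY_DIR="${HOTDEPLOY_DIR:-/resources/security/hotdeploy}"
PREFIX="${PREFIX:-my-domain}"

# install_if_changed SRC DST (hypothetical helper): copy only when the content
# differs, so repeated hook runs leave an unchanged file untouched.
# Prints "copied" or "unchanged". Runs in a subshell so umask stays local.
install_if_changed() (
    if [ -f "$2" ] && cmp -s "$1" "$2"; then
        echo unchanged; exit 0
    fi
    umask 077                               # new files: owner-only
    cp -f "$1" "$2" || exit 1               # follows certbot's live/ symlinks
    chmod 600 "$2" || exit 1                # also tighten a pre-existing file
    # Assumption: OWNER names the account Openfire runs as, if not the hook's.
    if [ -n "${OWNER:-}" ]; then chown "$OWNER" "$2" || exit 1; fi
    echo copied
)

# deploy_pair LIVE HOTDEPLOY PREFIX: refuse to deploy half a pair.
deploy_pair() {
    for f in privkey.pem fullchain.pem; do
        [ -s "$1/$f" ] || { echo "missing or empty: $1/$f" >&2; return 1; }
    done
    install_if_changed "$1/privkey.pem"   "$2/$3-privkey.pem"   || return 1
    # "-fullchain.pem" target name is an assumption, mirroring "-privkey.pem".
    install_if_changed "$1/fullchain.pem" "$2/$3-fullchain.pem" || return 1
}

# Deploy only where the certbot lineage exists.
if [ -d "$LIVE_DIR" ]; then
    deploy_pair "$LIVE_DIR" "$HOTDEPLOY_DIR" "$PREFIX"
fi
```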


Thanks for the verification and pointing out the error. I’m going to update my OP to reflect your comments.

I don’t seem to be able to edit my posts anymore. Is that normal?

This is disabled because of spammers. They post a normal message to go through a spam filter and later edit it to add URLs…
