Openfire: How To Auto Renew Letsencrypt Certificate?

I would like to understand how to use certbot’s post-hook to automatically update certificates.

Having looked at the Certbot renew with post-hook documentation, it looks like I have to create a script and put it into the /etc/letsencrypt/renewal-hooks/post folder - is that right?

“You can also specify hooks by placing files in subdirectories of Certbot’s configuration directory. Assuming your configuration directory is /etc/letsencrypt, any executable files found in /etc/letsencrypt/renewal-hooks/pre, /etc/letsencrypt/renewal-hooks/deploy, and /etc/letsencrypt/renewal-hooks/post will be run as pre, deploy, and post hooks respectively when any certificate is renewed with the renew subcommand.”

I’m running Openfire on a Raspberry Pi 3B/Raspbian Buster.

Would the following steps do the trick?

sudo su
cd /etc/letsencrypt/renewal-hooks/post
nano copykeys.sh

Copy and paste:

#!/bin/bash
cp /etc/letsencrypt/live/MY-DOMAIN/privkey.pem /resources/security/hotdeploy/my-domain-privkey.pem
cp /etc/letsencrypt/live/MY-DOMAIN/privkey.pem /resources/security/hotdeploy/my-domain-privkey.pem

(obviously I change MY-DOMAIN for my domain)
Save and exit:

Ctrl and then X, then Y, then Enter

Then make script executable:

chmod +x copykeys.sh

Thanks for any advice

That seems about right. You will need to have installed Openfire’s certmanager plugin, which will monitor the hotdeploy directory.

There seems to be a copy/paste error in your copykeys script: it copies the same file twice. Instead, you will need to copy the private key as well as the certificate chain.

2 Likes
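
The hook discussed above, as an added example that is not part of the thread and is not Openfire's or certbot's own code: it copies both the private key and certbot's fullchain.pem, rejects a mislabelled or missing file (the copy/paste error pointed out in the reply), and keeps the copies owner-only. MY-DOMAIN and the hotdeploy path are the placeholders from the question; the target file names and the HOTDEPLOY_OWNER variable are assumptions.

```shell
#!/bin/sh
# Added example for /etc/letsencrypt/renewal-hooks/post/copykeys.sh
set -eu

# deploy_pair LIVE_DIR HOT_DIR NAME
# Copies LIVE_DIR/privkey.pem and LIVE_DIR/fullchain.pem (certbot's standard
# file names) to HOT_DIR/NAME-privkey.pem and HOT_DIR/NAME-fullchain.pem.
deploy_pair() {
    live_dir=$1 hot_dir=$2 name=$3
    key=$live_dir/privkey.pem
    chain=$live_dir/fullchain.pem

    # Refuse to deploy half a pair, or a key where the chain should be.
    if ! grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$key" 2>/dev/null; then
        echo "no private key found in $key" >&2; return 1
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$chain" 2>/dev/null; then
        echo "no certificate found in $chain" >&2; return 1
    fi
    [ -d "$hot_dir" ] || { echo "missing directory $hot_dir" >&2; return 1; }

    # Set the umask first so a new copy is never created world-readable,
    # then chmod in case the target already existed with a looser mode.
    old_umask=$(umask)
    umask 077
    cp "$chain" "$hot_dir/$name-fullchain.pem"
    cp "$key" "$hot_dir/$name-privkey.pem"
    chmod 600 "$hot_dir/$name-fullchain.pem" "$hot_dir/$name-privkey.pem"
    umask "$old_umask"

    # Assumption: the Openfire service account must own the copies to read
    # them. Set HOTDEPLOY_OWNER (hypothetical variable) to that account.
    if [ -n "${HOTDEPLOY_OWNER:-}" ]; then
        chown "$HOTDEPLOY_OWNER" "$hot_dir/$name-fullchain.pem" \
                                 "$hot_dir/$name-privkey.pem"
    fi
}

# Placeholders from the question; replace with the real domain and path.
LIVE=/etc/letsencrypt/live/MY-DOMAIN
if [ -d "$LIVE" ]; then
    deploy_pair "$LIVE" /resources/security/hotdeploy my-domain
fi
```

The copies are mode 600, so if Openfire does not run as the user that executes the hook, set HOTDEPLOY_OWNER or the plugin will not be able to read them.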

Thanks for the verification and pointing out the error. I’m going to update my OP to reflect your comments.

I don’t seem to be able to edit my posts anymore. Is that normal?

This is disabled because of spammers. They post a normal message to go through a spam filter and later edit it to add URLs…

1 Like