Getting the Job Done with Let’s Encrypt


The Let’s Encrypt project (or movement, if you wish), backed by Facebook, Cisco, Akamai, Mozilla, the EFF and many more, is now in open beta. Since the closed beta started I have been hearing a lot of trash talk from people who are not happy with certain aspects of the implementation and its requirements.

To be honest, I have yet to run into a situation where I would have second thoughts about using the Let’s Encrypt software and/or services. Of course, one can never know what the future holds, so you should probably take that statement with at least one grain of salt.

I had only two problems during the implementation:

1. Documentation: still not up to par and not ready for consumption by your average Joe. Admins will have no real problems, though.

2. Automation: all the cron jobs I have seen in the wild are VERY minimal, if the job could even be classified as a script.

The first problem I can’t help with. The second one I have addressed, and I am offering the result here as a building block for your own Let’s Encrypt implementations.

Basically, the script checks whether the cert has less than 24 hours left before it expires and only then renews it. On a successful renewal it rebuilds the combined pem file (cert, chain and private key in one file, for servers such as lighttpd that want it that way) and reloads the web server; if the renewal fails, it mails the tail of the Let’s Encrypt log to the postmaster.

#!/bin/sh
# Renew the Let's Encrypt cert for itadmins.net when it has less than
# 24 hours (86400 seconds) of validity left, then rebuild the combined
# pem file and reload the web server.

OPENSSL=$(command -v openssl)
LENCRYPT_BPATH=/opt/letsencrypt
LIVE=/etc/letsencrypt/live/itadmins.net

# -checkend exits 0 when the cert is still valid at now+86400s,
# i.e. no renewal is needed yet
if ${OPENSSL} x509 -checkend 86400 -noout -in ${LIVE}/cert.pem
then
    exit 0
fi

# Each --webroot-path applies to the -d domains that follow it
${LENCRYPT_BPATH}/letsencrypt-auto certonly --config /etc/letsencrypt/cli.ini \
    --webroot-path /var/www/ -d itadmins.net -d www.itadmins.net \
    --webroot-path /var/www/forums/ -d forums.itadmins.net \
    --webroot-path /var/www/pastie/ -d pastie.itadmins.net \
    --webroot-path /var/www/wiki/ -d wiki.itadmins.net
if [ $? -ne 0 ]
then
    ERRORLOG=$(tail /var/log/letsencrypt/letsencrypt.log)
    # printf rather than "echo -e": the built-in echo of dash (Debian's /bin/sh) has no -e
    printf 'The Lets Encrypt Cert has not been renewed!\n\n%s\n' "$ERRORLOG" \
        | mail -s "Lets Encrypt Cert Alert" postmaster@yourdomain.com
    exit 1
fi

# Create single combined pem files as needed. The combined file contains
# the private key, so create it with restrictive permissions (0600).
cd ${LIVE} || exit 1
umask 077
cat cert.pem chain.pem privkey.pem > lighttpd.pem
# Restart the services needed
service apache2 reload
#service assp restart
#service lighttpd restart
#service nginx restart

exit 0
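As an added example, not part of the original post: the same expiry check and the combined-pem step pulled out into shell functions that a cron job can call, plus one check the script above does not do, namely verifying that cert.pem and privkey.pem actually belong together before the bundle is written and the server reloaded (a mismatched pair is the classic way a "successful" renewal still takes a site down at reload time). The function names, the live directory layout and the example paths in the usage comment are assumptions; only openssl is required.

```shell
#!/bin/sh
# Added example, not from the original post. Helper functions for a
# Let's Encrypt renewal cron job. Paths and function names are
# assumptions; the live directory is assumed to contain cert.pem,
# chain.pem and privkey.pem as letsencrypt-auto writes them.

# cert_expires_within CERT SECONDS
# Returns 0 if CERT expires within SECONDS (renewal needed),
# 1 if it stays valid past that point, 2 if CERT is missing or unparsable.
cert_expires_within() {
    cert="$1"; window="$2"
    [ -r "$cert" ] || return 2
    openssl x509 -noout -in "$cert" >/dev/null 2>&1 || return 2
    # openssl exits 0 when the cert is still valid at now+SECONDS
    if openssl x509 -checkend "$window" -noout -in "$cert" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# cert_matches_key CERT KEY
# Returns 0 if the public key inside CERT equals the public key derived
# from KEY, 1 on mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# make_combined_pem LIVEDIR OUT
# Writes cert + chain + private key to OUT (the lighttpd-style bundle),
# refusing if the pair does not match. OUT is created with mode 0600
# because it holds the private key.
make_combined_pem() {
    live="$1"; out="$2"
    cert_matches_key "$live/cert.pem" "$live/privkey.pem" || return 1
    # subshell so the umask change does not leak to the caller
    ( umask 077 && rm -f "$out" \
        && cat "$live/cert.pem" "$live/chain.pem" "$live/privkey.pem" > "$out" )
}

# Usage from a cron job (paths are examples):
#   live=/etc/letsencrypt/live/itadmins.net
#   if cert_expires_within "$live/cert.pem" 86400; then
#       /opt/letsencrypt/letsencrypt-auto certonly ... \
#       && make_combined_pem "$live" "$live/lighttpd.pem" \
#       && service apache2 reload
#   fi
```

The key-match check compares the SubjectPublicKeyInfo that openssl prints for the cert with the one derived from the private key, so it works for RSA and ECDSA keys alike and does not depend on modulus formatting. Note that the live/ directory holds symlinks into archive/, so writing the bundle there keeps it next to the files it was built from.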
