[BASH Script] Let's Encrypt Auto-Renew

    So, I've been trying a few different methods to use Let's Encrypt with Axigen. Unfortunately, when renewing the domains, certbot cannot bind to port 80. I could try using CLI to stop the port to do this, but for now this works for me. Downtime is a matter of a few seconds and it only needs bash to work.

    This will check your current certificate to validate when the cert will expire.
    It will compare that with the current date and validate the amount of days left.
    If there are less than 5 days left, it will: Stop axigen, remove old certificate, renew certificate, build the new certchain, update permissions, and then start Axigen.

    If you haven't already, you'll need to create a certificate to use with this script.
    Replace MAIL.DOMAIN.COM with your main domain/sub-domain you are using for your server.
    Follow the setup for certbot.
    sudo yum install certbot
    certbot certonly --standalone -d MAIL.DOMAIN.COM
    Multiple domains
    If you want to use multiple domains, follow the above to create your main domain that will be used for the script and then you can extend the certificate with multiple domains/sub-domains. Example:
    certbot certonly --standalone -d MAIL.DOMAIN.COM -d ALT.DOMAIN.COM -d MAIL.OTHERDOMAIN.COM
    Create the ssl directory to store your certificate for axigen to use.
    sudo mkdir /var/opt/axigen/ssl
    sudo chown -R axigen:axigen /var/opt/axigen/ssl
    Create your bash script and edit with your main domain.
    sudo nano ~/
    #!/bin/bash
    # Main domain of the certificate (replace with your own)
    domain="MAIL.DOMAIN.COM"
    # Expiry date of the current certificate, reduced to "Mon DD YYYY"
    rawLastDay=`openssl x509 -noout -dates -in /etc/letsencrypt/live/"$domain"/cert.pem | grep notAfter | sed -e "s/^notAfter=//" -e ""| sed -e "s/GMT//" -e "" | awk -F' ' '{print $1 (NF>1? FS $2 : "") " " $4}'`
    # Whole days between now and the expiry date
    daysLeft=`echo $(( ($(date --date="$rawLastDay" +%s) - $(date +%s) )/(60*60*24) ))`
    if (( "$daysLeft" > 5 )); then
            echo There are "$daysLeft" days left until the certificate expires!
    else
            echo There are less than 5 days left in the cert expiration, attempting to renew.
            echo :Stopping Axigen Server
            service axigen stop
            echo :Removing old certchain
            rm -f /var/opt/axigen/ssl/"$domain".pem
            echo :Attempting to renew certificate
            certbot renew
            echo :Merging new certificate into certchain
            cat /etc/letsencrypt/live/"$domain"/cert.pem /etc/letsencrypt/live/"$domain"/privkey.pem > /var/opt/axigen/ssl/"$domain".pem
            echo :Updating permissions on certchain
            chown axigen:axigen /var/opt/axigen/ssl/"$domain".pem
            echo :Starting Axigen Server
            service axigen start
            echo :Certificates have been updated! Enjoy your next 3 months of SSL!!
    fi
    Set permissions to allow the file to be executed.
    sudo chmod +x ~/
    I suggest setting the crontab to run once every 24 hours.
    export EDITOR=nano; sudo crontab -e
    @daily ~/
    You'll need to update where your certificate points to in each of axigen's SSL listeners.
    Replace MAIL.DOMAIN.COM with your certificate's domain that you've set in the bash script.
    Let'sEncrypt Days Left
    BASH Variables
    BASH String Formatting
    BASH Compare Numbers
    Certificate Merge: I forgot where I originally found this bit of code to build the certificate chain. If anyone knows, I will be happy to give notice.

    Thank you Axigen & Community!
    I'm so grateful for what you've provided, I just want to help out the community as much as possible
    If someone has a way to stop port 80 and 443 over CLI (probably using curl) then I'll update the script to keep the server from having to restart.
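
The script in the post above writes the combined certificate and private key with a shell redirection and deletes the old bundle before renewing. As an added example (not the original poster's script, with illustrative function names and assuming GNU date and mktemp), this variant creates the bundle with mode 0600 and swaps it in only after renewal succeeds:

```bash
#!/bin/bash
# Added example, not the original poster's script. Function names are
# illustrative; paths and the 5-day threshold follow the post.

# Whole days from "now" to an openssl notAfter string, e.g.
# "Jun  1 12:00:00 2030 GMT". $2 (epoch seconds) defaults to the current time.
days_left() {
    local not_after="$1" now="${2:-$(date +%s)}" end
    end=$(date --date="$not_after" +%s) || return 1
    echo $(( (end - now) / 86400 ))
}

# Write cert + key to $3. mktemp creates the temp file 0600 in the target
# directory; it is chowned if $4 is given, then renamed over the old bundle,
# so the key is never world-readable and a failure keeps the previous file.
build_bundle() {
    local cert="$1" key="$2" out="$3" owner="${4:-}" tmp
    [ -s "$cert" ] && [ -s "$key" ] || return 1
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$cert" "$key" > "$tmp" && { [ -z "$owner" ] || chown "$owner" "$tmp"; }; then
        mv -f "$tmp" "$out"
    else
        rm -f "$tmp"
        return 1
    fi
}

# Renew only when 5 or fewer days remain. Axigen is started again even if
# certbot fails, and the bundle is replaced only after a successful renewal.
main() {
    local domain="$1" live="/etc/letsencrypt/live/$1" end rc=0
    end=$(openssl x509 -noout -enddate -in "$live/cert.pem" | cut -d= -f2) || return 1
    [ -n "$end" ] || return 1
    [ "$(days_left "$end")" -gt 5 ] && return 0
    service axigen stop
    certbot renew && build_bundle "$live/cert.pem" "$live/privkey.pem" \
        "/var/opt/axigen/ssl/$domain.pem" axigen:axigen || rc=1
    service axigen start
    return "$rc"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as root with the certificate's main domain as the only argument, for example from the same daily cron entry.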


    Thanks for sharing here your work.

    Please know that starting from Axigen X2 (which is used to label version 10.2) we include CLI support for generating (and renewing) Let's Encrypt certificates - more details are included here.



      Thanks so much for the above post - I can finally see the light of day after trying numerous times.
      The included CLI support for generating (and renewing) Let's Encrypt certificates always gave an error that letsencrypt could not connect to server.



      This is the legacy Axigen forum, which is no longer active.

      To create new topics & posts, please visit the new Axigen community.

      Axigen Community