cron jobs for let's encrypt ssl renewal with mongod on nginx
I ran into a problem with the script above. Unfortunately Let's Encrypt doesn't override fullchain and privkey but adds new versions when the certificate is due to renew:
fullchain2.pem
privkey2.pem
So I had to alter the script accordingly. I also put the renew and nginx part inside so we need only one cronjob:
#!/bin/bash
# stop nginx
/etc/init.d/nginx stop
# check for new cert
/opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
# combine latest letsencrypt files for mongo
# find latest fullchain*.pem
newestFull=$(ls -v /etc/letsencrypt/live/DOMAIN/fullchain*.pem | tail -n 1)
echo "$newestFull"
# find latest privkey*.pem
newestPriv=$(ls -v /etc/letsencrypt/live/DOMAIN/privkey*.pem | tail -n 1)
echo "$newestPriv"
# combine to mongo.pem; redirect instead of tee so the private key
# is not echoed to stdout, which cron captures and may mail
(umask 077; cat "$newestFull" "$newestPriv" > /etc/ssl/mongo.pem)
# set rights for mongo.pem
chmod 600 /etc/ssl/mongo.pem
chown mongodb:mongodb /etc/ssl/mongo.pem
# restart mongo
/sbin/restart mongod
# start nginx
/etc/init.d/nginx start
Ok, so here is what I ended up with. I wrote a little script:
#!/bin/bash
# combine letsencrypt files for mongo; redirect instead of tee so the
# private key is not echoed to stdout, which cron captures and may mail
(umask 077; cat /etc/letsencrypt/archive/DOMAIN/{fullchain1.pem,privkey1.pem} > /etc/ssl/mongo.pem)
# set rights for mongo.pem
chmod 600 /etc/ssl/mongo.pem
chown mongodb:mongodb /etc/ssl/mongo.pem
# restart mongo
/sbin/restart mongod
and fire it with a cron job:
# renew, then run the combine script, then reload nginx
30 2 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /var/log/le-renew.log
33 2 * * 1 /bin/bash /root/myScript
35 2 * * 1 /etc/init.d/nginx reload
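Added example, not part of either post above: a version of the combine step that picks the highest-numbered fullchainN.pem/privkeyN.pem pair numerically, refuses a mismatched pair, never prints the key, and swaps mongo.pem in atomically only when its content changed. The function names, return codes and the optional owner argument are assumptions of this example.

```shell
#!/bin/bash
# Added example; function names and return codes are hypothetical.

# Print the highest N for which DIR/PREFIXN.pem exists (numeric: 10 > 9).
latest_index() {
    local dir="$1" prefix="$2" best="" f n
    for f in "$dir/$prefix"[0-9]*.pem; do
        [ -e "$f" ] || continue
        n=${f##*/"$prefix"}
        n=${n%.pem}
        case $n in ''|*[!0-9]*) continue ;; esac
        if [ -z "$best" ] || [ "$n" -gt "$best" ]; then best=$n; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# build_mongo_pem DIR OUT [OWNER]
# Returns 0 = OUT replaced, 1 = OUT already current, 2 = error.
build_mongo_pem() {
    local dir="$1" out="$2" owner="${3:-}" n k tmp
    n=$(latest_index "$dir" fullchain) || return 2
    k=$(latest_index "$dir" privkey) || return 2
    # Chain and key must come from the same renewal.
    if [ "$n" != "$k" ]; then
        echo "mismatch: fullchain$n.pem vs privkey$k.pem" >&2
        return 2
    fi
    # mktemp creates the file with mode 0600, so the key is never
    # readable by other users, even before the final chmod.
    tmp=$(mktemp "$out.XXXXXX") || return 2
    if ! cat "$dir/fullchain$n.pem" "$dir/privkey$n.pem" > "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    if [ -f "$out" ] && cmp -s "$tmp" "$out"; then
        rm -f "$tmp"; return 1
    fi
    chmod 600 "$tmp"
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"; return 2
    fi
    mv -f "$tmp" "$out"   # rename within one directory is atomic
}

# Run as: script DIR OUT [OWNER]; restart mongod only when this exits 0.
if [ "$#" -ge 2 ]; then
    build_mongo_pem "$@"
fi
```

Because exit status 1 means the file is already current, a wrapper can skip the mongod restart on the weekly runs where nothing was renewed.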