using standard cron schedule. Fixing bug where certs were only copied…

… to certs dir on initial generation
ebarault · Jul 22, 2018 · b61d6d0 · b61d6d0
1 parent f54939b
commit b61d6d0
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 12 deletions.
diff --git a/crontab b/crontab
@@ -1,2 +1,2 @@
 # “At 02:00 on every 7th day-of-month from 1 through 31”
-0 2 1/7 * * /scripts/run_certbot.sh >> /var/log/letsencrypt/cron.log 2>&1
+0 2 1,7,14,21,28 * * /scripts/run_certbot.sh >> /var/log/letsencrypt/cron.log 2>&1
diff --git a/scripts/run_certbot.sh b/scripts/run_certbot.sh
@@ -28,6 +28,24 @@ issueCertificate() {
   return $?
 }
 
+copyCertificate() {
+  local d=${CERT_DOMAIN} # shorthand
+
+  # certs are copied to /certs directory
+  if [ "$CONCAT" = true ]; then
+   # concat the full chain with the private key (e.g. for haproxy)
+   cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
+   logger_info "Certificates for $d concatenated and copied to /certs dir"
+  else
+   # keep full chain and private key in separate files (e.g. for nginx and apache)
+   cp /etc/letsencrypt/live/$d/cert.pem /certs/$d.pem
+   cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key.pem
+   cp /etc/letsencrypt/live/$d/chain.pem /certs/$d.chain.pem
+   cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.fullchain.pem
+   logger_info "Certificates for $d and copied to /certs dir"
+  fi
+}
+
 processCertificates() {
   # Get the certificate for the domain(s) CERT_DOMAIN (a comma separated list)
   # The certificate will be named after the first domain in the list
@@ -64,6 +82,7 @@ processCertificates() {
           exitcode=1
         else
           logger_info "Renewed certificate for ${subject}"
+          copyCertificate
         fi
 
       else
@@ -79,18 +98,8 @@ processCertificates() {
       logger_error "Failed to request certificate! check /var/log/letsencrypt/letsencrypt.log!"
       exitcode=1
     else
-      # certs are copied to /certs directory
-      if [ "$CONCAT" = true ]; then
-        # concat the full chain with the private key (e.g. for haproxy)
-        cat /etc/letsencrypt/live/$d/fullchain.pem /etc/letsencrypt/live/$d/privkey.pem > /certs/$d.pem
-      else
-        # keep full chain and private key in separate files (e.g. for nginx and apache)
-        cp /etc/letsencrypt/live/$d/cert.pem /certs/$d.pem
-        cp /etc/letsencrypt/live/$d/privkey.pem /certs/$d.key.pem
-        cp /etc/letsencrypt/live/$d/chain.pem /certs/$d.chain.pem
-        cp /etc/letsencrypt/live/$d/fullchain.pem /certs/$d.fullchain.pem
-      fi
       logger_info "Certificate delivered for $CERT_DOMAIN"
+      copyCertificate
     fi
   fi
 }