From e9d655a92baa8e23c2d56994c15e3249b792cee8 Mon Sep 17 00:00:00 2001
From: Maarten de Waard
Date: Tue, 23 Aug 2016 10:21:16 +0200
Subject: [PATCH] finish renewal script
---
 provisioning_client.sh | 58 +++++++++++++++++++++++-------------------
 1 file changed, 32 insertions(+), 26 deletions(-)
diff --git a/provisioning_client.sh b/provisioning_client.sh
index 67a84f9..844170a 100644
--- a/provisioning_client.sh
+++ b/provisioning_client.sh
@@ -198,31 +198,37 @@ bash -c 'echo "vagrant ALL=NOPASSWD: /bin/systemctl restart haproxy"
 systemctl restart apache2
 systemctl restart haproxy
-#cat < /etc/systemd/system/letsencrypt.timer
-#[Unit]
-#Description=Run Let's Encrypt every 12 hours
-#
-#[Timer]
-## Time to wait after booting before we run first time
-#OnBootSec=2min
-## Time between running each consecutive time
-#OnUnitActiveSec=12h
-#Unit=letsencrypt.service
-#
-#[Install]
-#WantedBy=timers.target
-#EOF
-#
-#cat < /etc/systemd/system/letsencrypt.service
-#[Unit]
-#Description=Renew Let's Encrypt Certificates
-#
-#[Service]
-#Type=simple
-#ExecStart=/usr/bin/certbot renew -q
-#EOF
-#
-#systemctl enable letsencrypt.timer
-#systemctl start letsencrypt.timer
+# Scripts that run certificate renewal for all certificates every 12 hours. Only
+# certificates that are due are renewed.
+cat < /etc/systemd/system/letsencrypt.service
+[Unit]
+Description=Renew Let's Encrypt Certificates
+
+[Service]
+Type=simple
+User=vagrant
+ExecStart=/usr/bin/certbot renew -q
+EOF
+
+cat < /etc/systemd/system/letsencrypt.timer
+[Unit]
+Description=Run Let's Encrypt every 12 hours
+
+[Timer]
+# Time to wait after booting before we run first time
+OnBootSec=2min
+# Time between running each consecutive time
+OnUnitActiveSec=12h
+Unit=letsencrypt.service
+
+[Install]
+WantedBy=timers.target
+EOF
+
+# Reload for when there were already other scripts in place.
+systemctl daemon-reload
+# Enable and start the timer, which runs the service.
+systemctl enable letsencrypt.timer
+systemctl start letsencrypt.timer
 echo "Provisioning completed."
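Review bot: The new `letsencrypt.service` runs `certbot renew -q` under `User=vagrant`, but nothing in this hunk shows that certbot's config, work and log directories are writable by that account; if they are still the root-owned defaults, every timer run will fail, and with `-q` the only trace is an error in the journal. Either confirm earlier provisioning hands those directories to vagrant (which also makes that account the owner of the TLS private keys, so their mode should be checked), or pass `--config-dir`, `--work-dir` and `--logs-dir` explicitly in `ExecStart`. The unit also does not restart haproxy after a renewal, although the sudoers rule in the hunk header suggests that was the intent; unless a hook is configured outside this hunk, something like `--post-hook "sudo /bin/systemctl restart haproxy"` is needed for the renewed certificate to be served. `Type=oneshot` would fit a timer-driven job better than `Type=simple`, since the unit then counts as failed when certbot exits non-zero.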