superkabuki/cronic

cronic is auto-renew for certbot

cronic does it differently.

  • cronic uses the certificate notAfter date to determine when to renew.
  • renewal is scheduled for 5 days before certificate notAfter date.
  • After the certificate is renewed, cronic automatically sets the next cron job.
  • cronic has automatic Let's Encrypt certificate discovery.
  • cronic supports multiple certificates with different renewal dates, on the same server.
  • cronic restarts services that use the certificates.
  • pylint score: 9.94
  • cyclomatic complexity: 2.0 (A)

cronic Requirements

  1. Python 3.6+
  2. OpenSSL
  3. Any UNIX or Linux system that uses cron.
  4. certbot

How to Use

  1. Install certbot as instructed in the certbot directions. If you already have certbot installed, cool.
  2. Download cronic.
       curl https://raw.githubusercontent.com/superkabuki/cronic/refs/heads/main/cronic -o cronic
  3. As root, install cronic.
       install cronic /usr/local/bin
  4. As root, run cronic. cronic will find and check your cert renewal date.
    If you have multiple certs, no problem. cronic will find them and set the proper renewal times for them.
       cronic

Automatic certificate renewal is useless
if the services that use the certificate are not restarted.

  5. To restart a service, such as nginx, after the cert is renewed,
    pass the command to cronic using the --restart switch.
       # OpenBSD
       root@iodisco[~] cronic --restart 'rcctl restart nginx'

       # Linux
       root@iodisco[~] cronic --restart 'nginx -s reload'
  6. Rerun cronic anytime you want. Add restart commands anytime you want. cronic cleans up after itself.
    To remove a restart command, run crontab -e and delete the lines you want to remove.
       crontab -e
  7. cronic help
       cronic -h

cronic conditionals

  • You can run cronic manually at any time; it won't break itself.

  • These are the conditionals used by cronic.

  • If the cert IS ready for renewal:

    • cert is renewed.
    • cron job created for next renewal at valid renewal time.
    • crontab displayed.
    • services are restarted to use the new certificate.
  • If the cert is NOT ready for renewal:

    • Let's Encrypt is not contacted.
    • Cron job installed to valid renewal time.
    • crontab displayed.
  • If the renewal process fails and renewal cannot be attempted:

    • error messages printed.
    • new cronjob installed for four hours later.
    • crontab displayed.
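
The scheduling rule and the three conditionals above, worked through as an added example. This is not cronic's own code: the function names, the constructed sample line, and the assumption that the server's cron runs in UTC are all illustrative.

```python
from datetime import datetime, timedelta, timezone

RENEW_BEFORE = timedelta(days=5)  # README: renew 5 days before notAfter
RETRY_AFTER = timedelta(hours=4)  # README: retry four hours after a failure

# Constructed sample of `openssl x509 -noout -enddate` output (not a real cert).
SAMPLE = "notAfter=Jun  1 12:30:00 2025 GMT"


def parse_not_after(line):
    """Turn an openssl enddate line into an aware UTC datetime."""
    key, _, value = line.strip().partition("=")
    if key != "notAfter" or not value.endswith(" GMT"):
        raise ValueError(f"unexpected enddate line: {line!r}")
    # split/join collapses the padding openssl puts before single-digit days
    stamp = " ".join(value[:-4].split())
    parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y")
    return parsed.replace(tzinfo=timezone.utc)


def cron_fields(when):
    """minute hour day-of-month month weekday for one specific date.

    cron evaluates these in the system's local time; this example
    assumes the server clock is UTC, matching the cert's GMT notAfter.
    """
    return f"{when.minute} {when.hour} {when.day} {when.month} *"


def plan(enddate_line, now, renew_failed=False):
    """Return (action, cron time fields) per the three conditionals."""
    renew_at = parse_not_after(enddate_line) - RENEW_BEFORE
    if renew_failed:
        # renewal could not be attempted: try again four hours later
        return "retry", cron_fields(now + RETRY_AFTER)
    if now >= renew_at:
        # ready: renew first, then schedule from the NEW cert's notAfter
        return "renew", None
    # not ready: no CA contact, just (re)install the job for renew_at
    return "schedule", cron_fields(renew_at)


if __name__ == "__main__":
    print(plan(SAMPLE, datetime(2025, 5, 1, tzinfo=timezone.utc)))
```

Because the schedule is derived from the certificate itself, rerunning the check before the renewal date produces the same cron fields each time.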

  • Of course it runs on OpenBSD.
  • Also tested on Debian Sid.