The
Let's Encrypt certificate I use for an email server again wasn't
automatically renewed - see
Let's Encrypt certificate expired. The Let's Encrypt certificates exipre
every 90 days, so I wanted the system to automatically email me a message
at least a week before the certificate expires. I manually renewed the
certificate today by running the command letsencrypt renew
from the root account and checked the new expiration date with the command
openssl x509 -enddate -noout -i cert_pem_file_location
where cert_pem_file_location is the location of the relevant
cert.pem file.
# openssl x509 -enddate -noout -in /etc/letsencrypt/live/moonpoint.com/cert.pem notAfter=Sep 8 19:14:00 2017 GMT #
Since the new certificate expiration date is September 8, 2017, I wanted an email notice sent to me on September 1. I can then manually renew the certificate, if needed. I would then want to be notified every 3 months again indefinitely. Since the mailx utility is a standard email program found on Linux and OS X/macOS systems, I use it for sending scheduled email messages.
To have mailx send the output of a script/program by email, you can pipe
the output of the program into mailx, e.g.,
program | mailx -s "Subject_for_Message"
email_address where Subject_for_Message is whatever you
would like to appear as the subject for the email message and email_address
is the recipient's email address. E.g., I can use the openssl command
to determine when the Let's Encrypt certificate will expire as shown above.
I can
pipe it's output into mailx as shown below:
openssl x509 -enddate -noout -in /etc/letsencrypt/live/moonpoint.com/cert.pem | mailx -s "Let's Encrypt Certificate Expiration" jdoe@example.com
The above command would result in mailx sending an email with the subject "Let's Encrypt Certificate Expiration" and "notAfter=Sep 8 19:14:00 2017 GMT" in the body of the message.
I can put the line above in a script named checkcert.sh:
#!/bin/bash
openssl x509 -enddate -noout -in /etc/letsencrypt/live/moonpoint.com/cert.pem | mailx -s "Let's Encrypt Certificate Expiration" jdoe@example.com
I can make the script executable by changing the
file permissions on it
with chmod 744 checkcert.sh. I can then schedule the script to be
executed every 3 months starting on September 1 by issuing the
crontab command
crontab -e for the root account to add the following line to the
crontab file:
0 9 01 Sep,Dec,Mar,Jun * /root/bin/checkcert.sh
The first 5 space-separated elements on the line in the crontab file are scheduling elements:
The first 5 elements on the line in the crontab file are scheduling elements:
# ┌───────────── min (0 - 59) # │ ┌────────────── hour (0 - 23) # │ │ ┌─────────────── day of month (1 - 31) # │ │ │ ┌──────────────── month (1 - 12 or the short name of the month, e.g., Jan, Feb, etc.) # │ │ │ │ ┌───────────────── day of week (0 - 6) (0 to 6 are Sunday to # │ │ │ │ │ Saturday, or use names; 7 is also Sunday) # │ │ │ │ │ # │ │ │ │ │ # * * * * * command to execute
So the "0 9 01" at the beginning of the line indicates that the script should be run at 9:00 AM on the first day of the month. I can then specify the months in which I want the command to be executed. I put "*" for the day of the week since I don't want to specify a specific day of the week, so the day of the week can match any possible value. The last item on the line is the location of the script I want to run.
Related articles: