certbot: Add cron job to notify expiring certs
parent
23dd98a34b
commit
dac04ee011
2 changed files with 33 additions and 0 deletions
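--- a/roles/certbot/files/check-certs.sh
+++ b/roles/certbot/files/check-certs.sh
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+set -eu
+umask 077
+
+certbot certificates 2> /dev/null | awk '
+{
+if (/^ Certificate Name: /) { cert = $3 }
+if (/^ Expiry Date: /) {
+days = $6
+if (days < 30) {
+print cert " " days " days"
+}
+}
+}
+'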
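Review bot: A certificate that has already expired or been revoked is probably never reported by the awk filter. As far as certbot's listing format goes, such entries carry a status like `(INVALID: EXPIRED)` instead of a day count, so `days = $6` holds a non-numeric string and `days < 30` becomes a string comparison that is false. Checking the status word as well, e.g. `if ($5 != "(VALID:" || days + 0 < 30) {`, would report anything that is not explicitly valid. Separately, `2> /dev/null` combined with a pipeline whose exit status is awk's means a failing `certbot certificates` (a permission error under the cron user, for instance) gives empty output and exit 0, which looks exactly like "nothing expiring". Capturing the output first with `out=$(certbot certificates 2>&1) || { echo "$out" >&2; exit 1; }` and feeding `$out` to awk lets `set -e` catch that case.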
|
@ -65,3 +65,20 @@
|
||||||
ansible.builtin.systemd:
|
ansible.builtin.systemd:
|
||||||
name: certbot-renew.timer
|
name: certbot-renew.timer
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
||||||
|
- name: Copy script to list expiring certificates
|
||||||
|
ansible.builtin.copy:
|
||||||
|
dest: /usr/local/bin/check-certs
|
||||||
|
src: check-certs.sh
|
||||||
|
mode: "0755"
|
||||||
|
owner: root
|
||||||
|
group: "{{ ansible_wheel }}"
|
||||||
|
|
||||||
|
- name: Cretae cronjob to list expiring certificates
|
||||||
|
ansible.builtin.cron:
|
||||||
|
name: check-certs
|
||||||
|
job: /usr/local/bin/check-certs
|
||||||
|
user: certbot
|
||||||
|
hour: "05"
|
||||||
|
minute: "00"
|
||||||
|
when: inventory_hostname == "adm01.home.foo.sh"
|
||||||
|
|
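Review bot: The `check-certs` cron entry relies entirely on cron's default environment, since nothing in this hunk sets `MAILTO` or `PATH`. Whether the report reaches anyone therefore depends on how mail for the `certbot` user is routed on that host, and a `certbot` binary outside cron's default search path would fail without a trace because the script discards stderr. Consider making the recipient explicit with a preceding `ansible.builtin.cron` task using `env: true` and `name: MAILTO`, and adding a comment on the task that the `certbot` user must be able to read the certbot configuration directory (not visible here, so worth confirming). The task name has a typo, `Cretae` for `Create`, and the hard-coded `inventory_hostname == "adm01.home.foo.sh"` would be easier to maintain as a group or host variable.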