httpd acme-client renew multiple domains

Geir Svalland-2
Hello
mtp$ uname -a
OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64

I'm hosting and serving multiple domains, 5 of them, using httpd.
The domains are declared in /etc/acme-client.conf, and in my initial
setup I used the command "acme-client -vAD example.com" on every domain
to create the certs. All of this is working great, but my question is
regarding updating.

I intend to use a cron job for this, "acme-client example.com && rcctl
reload httpd", but I'm not able to get this working for all of the
domains in one single command.

Is that possible to do?
Or do I have to use 5 different lines with one domain name on each?

All the best
Geir Svalland

Re: httpd acme-client renew multiple domains

Mischa-2
Hi Geir,

I have solved this with a little script.

###
#!/bin/sh
# EXT stays 2 (nothing renewed) unless an acme-client run below exits 0
EXT=2
/usr/sbin/acme-client -v www.example.com
if test  $? -eq 0
then EXT=$?
fi
/usr/sbin/acme-client -v www.example1.com
if test $? -eq 0
then EXT=$?
fi
if test $EXT -eq 0
then
        echo "New certificates installed."
        rcctl restart httpd
else echo "No new certificates installed."
fi
###

Added the following to cron:
@daily  sleep $((RANDOM \% 2048)) && /home/mischa/bin/lets.sh

Hope this helps.

Mischa


On 23 Mar at 16:39, Geir Svalland <[hidden email]> wrote:

> Hello
> mtp$ uname -a
> OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
>
> I'm hosting and serving multiple domains, 5 of them, using httpd.
> The domains are declared in /etc/acme-client.conf, and in my initial
> setup I used the command "acme-client -vAD example.com" on every domain
> to create
> the certs. All of this is working great, but my question is regarding
> updating.
>
> I intend to use a cron job for this, "acme-client example.com && rcctl
> reload httpd"
> but I'm not able to get this working for all of the domains in one
> single command.
>
> Is that possible to do ?
> Or do I have to use 5 different lines with one domain name on each?
>
> All the best
> Geir Svalland
>

Re: httpd acme-client renew multiple domains

Hasse Hansson
On Sat, Mar 23, 2019 at 07:05:53PM +0100, Mischa wrote:

> Hi Geir,
>
> I have solved this with a little script.
>
> ###
> #!/bin/sh
> EXT=2
> /usr/sbin/acme-client -v www.example.com
> if test  $? -eq 0
> then EXT=$?
> fi
> /usr/sbin/acme-client -v www.example1.com
> if test $? -eq 0
> then EXT=$?
> fi
> if test $EXT -eq 0
> then
>         echo "New certificates installed."
>         rcctl restart httpd
> else echo "No new certificates installed."
> fi
> ###
>
> Added the following to cron:
> @daily  sleep $((RANDOM \% 2048)) && /home/mischa/bin/lets.sh
>
> Hope this helps.
>
> Mischa
>
>
> On 23 Mar at 16:39, Geir Svalland <[hidden email]> wrote:
> > Hello
> > mtp$ uname -a
> > OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
> >
> > I'm hosting and serving multiple domains, 5 of them, using httpd.
> > The domains are declared in /etc/acme-client.conf, and in my initial
> > setup I used the command "acme-client -vAD example.com" on every domain
> > to create
> > the certs. All of this is working great, but my question is regarding
> > updating.
> >
> > I intend to use a cron job for this, "acme-client example.com && rcctl
> > reload httpd"
> > but I'm not able to get this working for all of the domains in one
> > single command.
> >
> > Is that possible to do ?
> > Or do I have to use 5 different lines with one domain name on each?
> >
> > All the best
> > Geir Svalland
> >
>

Thank you very much Mischa.
Yes, this will do it for me. Very nice.

Have a nice weekend.

/Geir

Re: httpd acme-client renew multiple domains

Sebastian Benoit
In reply to this post by Geir Svalland-2
Geir Svalland([hidden email]) on 2019.03.23 15:39:13 +0000:

> Hello
> mtp$ uname -a
> OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
>
> I'm hosting and serving multiple domains, 5 of them, using httpd.
> The domains are declared in /etc/acme-client.conf, and in my initial
> setup I used the command "acme-client -vAD example.com" on every domain
> to create
> the certs. All of this is working great, but my question is regarding
> updating.
>
> I intend to use a cron job for this, "acme-client example.com && rcctl
> reload httpd"
> but I'm not able to get this working for all of the domains in one
> single command.
>
> Is that possible to do ?
> Or do I have to use 5 different lines with one domain name on each?

Currently acme-client does not do that.

Use Mischa's script.

Or modify acme-client to iterate over all domains in the config file.
If you do that, I suggest to only do it for the renew case.

Re: httpd acme-client renew multiple domains

Geir Svalland-2

On 2019-03-23 22:18, Sebastian Benoit wrote:

> Geir Svalland([hidden email]) on 2019.03.23 15:39:13 +0000:
>> Hello
>> mtp$ uname -a
>> OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
>>
>> I'm hosting and serving multiple domains, 5 of them, using httpd.
>> The domains are declared in /etc/acme-client.conf, and in my initial
>> setup I used the command "acme-client -vAD example.com" on every domain
>> to create
>> the certs. All of this is working great, but my question is regarding
>> updating.
>>
>> I intend to use a cron job for this, "acme-client example.com && rcctl
>> reload httpd"
>> but I'm not able to get this working for all of the domains in one
>> single command.
>>
>> Is that possible to do ?
>> Or do I have to use 5 different lines with one domain name on each?
> Currently acme-client does not do that.
>
> Use Mischa's script.
>
> Or modify acme-client to iterate over all domains in the config file.
> If you do that, I suggest to only do it for the renew case.

Thank you very much for your answer, Sebastian.
Yes, I will use Mischa's script.

/Geir

Re: httpd acme-client renew multiple domains

Hasse Hansson
In reply to this post by Mischa-2
On Sat, Mar 23, 2019 at 07:05:53PM +0100, Mischa wrote:

> Hi Geir,
>
> I have solved this with a little script.
>
> ###
> #!/bin/sh
> EXT=2
> /usr/sbin/acme-client -v www.example.com
> if test  $? -eq 0
> then EXT=$?
> fi
> /usr/sbin/acme-client -v www.example1.com
> if test $? -eq 0
> then EXT=$?
> fi
> if test $EXT -eq 0
> then
>         echo "New certificates installed."
>         rcctl restart httpd
> else echo "No new certificates installed."
> fi
> ###
>
> Added the following to cron:
> @daily  sleep $((RANDOM \% 2048)) && /home/mischa/bin/lets.sh
>
> Hope this helps.
>
> Mischa
>
>
> On 23 Mar at 16:39, Geir Svalland <[hidden email]> wrote:
> > Hello
> > mtp$ uname -a
> > OpenBSD smtp.thorshammare.org 6.4 GENERIC.MP#8 amd64
> >
> > I'm hosting and serving multiple domains, 5 of them, using httpd.
> > The domains are declared in /etc/acme-client.conf, and in my initial
> > setup I used the command "acme-client -vAD example.com" on every domain
> > to create
> > the certs. All of this is working great, but my question is regarding
> > updating.
> >
> > I intend to use a cron job for this, "acme-client example.com && rcctl
> > reload httpd"
> > but I'm not able to get this working for all of the domains in one
> > single command.
> >
> > Is that possible to do ?
> > Or do I have to use 5 different lines with one domain name on each?
> >
> > All the best
> > Geir Svalland
> >
>

Thank you very much for your answer Mischa.
I will use your solution.

/Geir

Re: httpd acme-client renew multiple domains

Stuart Henderson
In reply to this post by Mischa-2
On 2019-03-23, Mischa <[hidden email]> wrote:

> Hi Geir,
>
> I have solved this with a little script.
>
> ###
> #!/bin/sh
> EXT=2
> /usr/sbin/acme-client -v www.example.com
> if test  $? -eq 0
> then EXT=$?
> fi
> /usr/sbin/acme-client -v www.example1.com
> if test $? -eq 0
> then EXT=$?
> fi
> if test $EXT -eq 0
> then
>         echo "New certificates installed."
>         rcctl restart httpd
> else echo "No new certificates installed."
> fi
> ###

Simpler:

for i in www.example.com www.example1.com; do
  acme-client -v $i && reload=y
done
[[ -n $reload ]] && rcctl reload httpd


Re: httpd acme-client renew multiple domains

Hasse Hansson
On Mon, Mar 25, 2019 at 12:40:23AM -0000, Stuart Henderson wrote:

> On 2019-03-23, Mischa <[hidden email]> wrote:
> > Hi Geir,
> >
> > I have solved this with a little script.
> >
> > ###
> > #!/bin/sh
> > EXT=2
> > /usr/sbin/acme-client -v www.example.com
> > if test  $? -eq 0
> > then EXT=$?
> > fi
> > /usr/sbin/acme-client -v www.example1.com
> > if test $? -eq 0
> > then EXT=$?
> > fi
> > if test $EXT -eq 0
> > then
> >         echo "New certificates installed."
> >         rcctl restart httpd
> > else echo "No new certificates installed."
> > fi
> > ###
>
> Simpler:
>
> for i in www.example.com www.example1.com; do
>   acme-client -v $i && reload=y
> done
> [[ -n $reload ]] && rcctl reload httpd
>
>

Thanks a lot.
/Geir

Re: httpd acme-client renew multiple domains

Mischa-2
In reply to this post by Stuart Henderson


> On 25 Mar 2019, at 01:40, Stuart Henderson <[hidden email]> wrote:
>
> On 2019-03-23, Mischa <[hidden email]> wrote:
>> Hi Geir,
>>
>> I have solved this with a little script.
>>
>> ###
>> #!/bin/sh
>> EXT=2
>> /usr/sbin/acme-client -v www.example.com
>> if test  $? -eq 0
>> then EXT=$?
>> fi
>> /usr/sbin/acme-client -v www.example1.com
>> if test $? -eq 0
>> then EXT=$?
>> fi
>> if test $EXT -eq 0
>> then
>>        echo "New certificates installed."
>>        rcctl restart httpd
>> else echo "No new certificates installed."
>> fi
>> ###
>
> Simpler:
>
> for i in www.example.com www.example1.com; do
>  acme-client -v $i && reload=y
> done
> [[ -n $reload ]] && rcctl reload httpd

Nice!! I have a couple of more domains in there, so the 'for' becomes a little ugly, but I keep forgetting &&.
It's indeed not needed to use the actual exit code.

Mischa


Re: httpd acme-client renew multiple domains

Solene Rapenne
On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:

>
>
> > On 25 Mar 2019, at 01:40, Stuart Henderson <[hidden email]> wrote:
> >
> > On 2019-03-23, Mischa <[hidden email]> wrote:
> >> Hi Geir,
> >>
> >> I have solved this with a little script.
> >>
> >> ###
> >> #!/bin/sh
> >> EXT=2
> >> /usr/sbin/acme-client -v www.example.com
> >> if test  $? -eq 0
> >> then EXT=$?
> >> fi
> >> /usr/sbin/acme-client -v www.example1.com
> >> if test $? -eq 0
> >> then EXT=$?
> >> fi
> >> if test $EXT -eq 0
> >> then
> >>        echo "New certificates installed."
> >>        rcctl restart httpd
> >> else echo "No new certificates installed."
> >> fi
> >> ###
> >
> > Simpler:
> >
> > for i in www.example.com www.example1.com; do
> >  acme-client -v $i && reload=y
> > done
> > [[ -n $reload ]] && rcctl reload httpd
>
> Nice!! I have a couple of more domains in there, so the 'for' becomes a little ugly, but I keep forgetting &&.
> It's indeed not needed to use the actual exit code.
>
> Mischa
>
>

One could easily write something like this:

#!/bin/sh

UPDATE=0
for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
do
        acme-client $domain
        if [ $? -eq 0 ]; then UPDATE=1; fi
done

if [ $UPDATE -ne 0 ]; then
        rcctl restart httpd dovecot smtpd
fi

You could also handle the exit status per domain if you want more
information. I did write the script for this mail; it may contain
errors.

Re: httpd acme-client renew multiple domains

Mischa-2


> On 25 Mar 2019, at 14:49, Solene Rapenne <[hidden email]> wrote:
>
> On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
>>
>>
>>> On 25 Mar 2019, at 01:40, Stuart Henderson <[hidden email]> wrote:
>>>
>>> On 2019-03-23, Mischa <[hidden email]> wrote:
>>>> Hi Geir,
>>>>
>>>> I have solved this with a little script.
>>>>
>>>> ###
>>>> #!/bin/sh
>>>> EXT=2
>>>> /usr/sbin/acme-client -v www.example.com
>>>> if test  $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> /usr/sbin/acme-client -v www.example1.com
>>>> if test $? -eq 0
>>>> then EXT=$?
>>>> fi
>>>> if test $EXT -eq 0
>>>> then
>>>>       echo "New certificates installed."
>>>>       rcctl restart httpd
>>>> else echo "No new certificates installed."
>>>> fi
>>>> ###
>>>
>>> Simpler:
>>>
>>> for i in www.example.com www.example1.com; do
>>> acme-client -v $i && reload=y
>>> done
>>> [[ -n $reload ]] && rcctl reload httpd
>>
>> Nice!! I have a couple of more domains in there, so the 'for' becomes a little ugly, but I keep forgetting &&.
>> It's indeed not needed to use the actual exit code.
>>
>> Mischa
>>
>>
>
> One could easily write something like this:
>
> #!/bin/sh
>
> UPDATE=0
> for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
> do
> acme-client $domain
> if [ $? -eq 0 ]; then UPDATE=1; fi
> done
>
> if [ $UPDATE -ne 0 ]; then
> rcctl restart httpd dovecot smtpd
> fi
>
> You could also handle the exit status per domain if you want more
> information. I did write the script for this mail; it may contain
> errors.

Hi Solene,

Love it!
Going to combine both suggestions.

Thanx!

Mischa

Re: httpd acme-client renew multiple domains

Hasse Hansson
In reply to this post by Solene Rapenne
On Mon, Mar 25, 2019 at 02:49:01PM +0100, Solene Rapenne wrote:

> On Mon, Mar 25, 2019 at 02:27:19PM +0100, Mischa wrote:
> >
> >
> > > On 25 Mar 2019, at 01:40, Stuart Henderson <[hidden email]> wrote:
> > >
> > > On 2019-03-23, Mischa <[hidden email]> wrote:
> > >> Hi Geir,
> > >>
> > >> I have solved this with a little script.
> > >>
> > >> ###
> > >> #!/bin/sh
> > >> EXT=2
> > >> /usr/sbin/acme-client -v www.example.com
> > >> if test  $? -eq 0
> > >> then EXT=$?
> > >> fi
> > >> /usr/sbin/acme-client -v www.example1.com
> > >> if test $? -eq 0
> > >> then EXT=$?
> > >> fi
> > >> if test $EXT -eq 0
> > >> then
> > >>        echo "New certificates installed."
> > >>        rcctl restart httpd
> > >> else echo "No new certificates installed."
> > >> fi
> > >> ###
> > >
> > > Simpler:
> > >
> > > for i in www.example.com www.example1.com; do
> > >  acme-client -v $i && reload=y
> > > done
> > > [[ -n $reload ]] && rcctl reload httpd
> >
> > Nice!! I have a couple of more domains in there, so the 'for' becomes a little ugly, but I keep forgetting &&.
> > It's indeed not needed to use the actual exit code.
> >
> > Mischa
> >
> >
>
> One could easily write something like this:
>
> #!/bin/sh
>
> UPDATE=0
> for domain in $(awk '/^domain/ { print $2 }' /etc/acme-client.conf)
> do
> acme-client $domain
> if [ $? -eq 0 ]; then UPDATE=1; fi
> done
>
> if [ $UPDATE -ne 0 ]; then
> rcctl restart httpd dovecot smtpd
> fi
>
> You could also handle the exit status per domain if you want more
> information. I did write the script for this mail; it may contain
> errors.
>
Thanks a lot, everybody, for helping.
Very nice solutions.
/Geir

Re: httpd acme-client renew multiple domains

Markus Rosjat
In reply to this post by Mischa-2
Hi Mischa,

If you like some Python, I got a small script for multiple domain cert
renew on my GitHub. I hope it's OK to post the link here:

https://github.com/rosjat/scripts/blob/master/shell/OpenBSD/acme_renew

It's nothing fancy and you can modify it for your needs or maybe make it
better :)

regards

--
Markus Rosjat    fon: +49 351 8107224    mail: [hidden email]

G+H Webservice GbR Gorzolla, Herrmann
Königsbrücker Str. 70, 01099 Dresden

http://www.ghweb.de
fon: +49 351 8107220   fax: +49 351 8107227

Please check whether this mail really needs to be printed! Before
you print it, think about your responsibility and commitment to the
ENVIRONMENT