From 49069bb0f25594eec7a0d4c1c993afb73d8ce961 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Thu, 3 Oct 2019 18:04:34 +0800
Subject: web: Employ monthly periodic task to renew certificates

---
 roles/web/templates/acme/renew.sh.j2 | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 roles/web/templates/acme/renew.sh.j2

(limited to 'roles/web/templates')

diff --git a/roles/web/templates/acme/renew.sh.j2 b/roles/web/templates/acme/renew.sh.j2
new file mode 100644
index 0000000..33d5879
--- /dev/null
+++ b/roles/web/templates/acme/renew.sh.j2
@@ -0,0 +1,17 @@
+#!/bin/sh
+#
+# Renew 'acme.sh' issued certificates.
+#
+# Aaron LI
+# 2019-10-03
+#
+
+[ $(id -u) -eq 0 ] || {
+    echo "ERROR: must be run by root!"
+    exit 1
+}
+
+su - acme \
+    -c "acme.sh --cron --log /var/log/acme.sh.log \
+        --config-home {{ web.acme_home }}/.acme.sh \
+        --cert-home {{ web.acme_home }}/certs"
-- 
cgit v1.2.2