Automated Certificate Renewal: Difference between revisions

From Wreckroom
Jump to navigation Jump to search
(Created page with "## Automated Certificate Renewal ### Script Location `/usr/local/bin/renew-and-update-certs.sh` ### Script Contents ```bash #!/bin/bash # Renew certificates /usr/syno/sbin/syno-letsencrypt renew-all -v # Check if renewal was successful (exit code 0) if [ $? -eq 0 ]; then # Update Navidrome certificates cp /usr/syno/etc/certificate/system/default/RSA-cert.pem /volume2/docker/navidrome/ssl/certificate.crt cp /usr/syno/etc/certificate/system/default/RSA-priv...")
 
No edit summary
 
(2 intermediate revisions by the same user not shown)
Line 1: Line 1:
## Automated Certificate Renewal
=Automated Certificate Renewal=


### Script Location
===Script Location===
`/usr/local/bin/renew-and-update-certs.sh`
<code>/usr/local/bin/renew-and-update-certs.sh</code>


### Script Contents
===Script Contents===
```bash
<syntaxhighlight lang="bash">
#!/bin/bash
#!/bin/bash


Line 23: Line 23:
     echo "Certificate renewal failed, skipping Navidrome update"
     echo "Certificate renewal failed, skipping Navidrome update"
fi
fi
```
</syntaxhighlight>


### Task Scheduler Configuration
===Task Scheduler Configuration===
'''Control Panel > Task Scheduler'''


**Control Panel > Task Scheduler**
{| class="wikitable"
|-
! Setting !! Value
|-
| Task name || Auto-renew SSL and Update Navidrome
|-
| User || root
|-
| Schedule || Weekly (Sunday, 3:00 AM)
|-
| Script || <code>/usr/local/bin/renew-and-update-certs.sh</code>
|}


| Setting | Value |
===How It Works===
|---------|-------|
# Script runs weekly
| Task name | Auto-renew SSL and Update Navidrome |
# Checks all certificates for renewal (30 days before expiry)
| User | root |
# Renews any expiring certificates via Let's Encrypt
| Schedule | Weekly (Sunday, 3:00 AM) |
# If successful, copies new certs to Navidrome
| Script | `/usr/local/bin/renew-and-update-certs.sh` |
# Restarts Navidrome container with fresh certificates
 
### How It Works
 
1. Script runs weekly
2. Checks all certificates for renewal (30 days before expiry)
3. Renews any expiring certificates via Let's Encrypt
4. If successful, copies new certs to Navidrome
5. Restarts Navidrome container with fresh certificates

Latest revision as of 12:33, 29 March 2026

Automated Certificate Renewal[edit]

Script Location[edit]

/usr/local/bin/renew-and-update-certs.sh

Script Contents[edit]

#!/bin/bash

# Renew certificates
/usr/syno/sbin/syno-letsencrypt renew-all -v

# Check if renewal was successful (exit code 0)
if [ $? -eq 0 ]; then
    # Update Navidrome certificates
    cp /usr/syno/etc/certificate/system/default/RSA-cert.pem /volume2/docker/navidrome/ssl/certificate.crt
    cp /usr/syno/etc/certificate/system/default/RSA-privkey.pem /volume2/docker/navidrome/ssl/private.key
    chmod 644 /volume2/docker/navidrome/ssl/certificate.crt
    chmod 600 /volume2/docker/navidrome/ssl/private.key
    docker restart navidrome
    echo "Certificates renewed and Navidrome updated"
else
    echo "Certificate renewal failed, skipping Navidrome update"
fi

Task Scheduler Configuration[edit]

Control Panel > Task Scheduler

Setting Value
Task name Auto-renew SSL and Update Navidrome
User root
Schedule Weekly (Sunday, 3:00 AM)
Script /usr/local/bin/renew-and-update-certs.sh

How It Works[edit]

  1. Script runs weekly
  2. Checks all certificates for renewal (30 days before expiry)
  3. Renews any expiring certificates via Let's Encrypt
  4. If successful, copies new certs to Navidrome
  5. Restarts Navidrome container with fresh certificates
Retrieved from "https://wiki.wreckroom.nyc/index.php?title=Automated_Certificate_Renewal&oldid=447"