Automated Certificate Renewal

From Wreckroom
Revision as of 12:33, 29 March 2026 by 108.27.135.4 (talk)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Automated Certificate Renewal

Script Location

/usr/local/bin/renew-and-update-certs.sh

Script Contents

#!/bin/bash

# Renew certificates
/usr/syno/sbin/syno-letsencrypt renew-all -v

# Check if renewal was successful (exit code 0)
if [ $? -eq 0 ]; then
    # Update Navidrome certificates
    cp /usr/syno/etc/certificate/system/default/RSA-cert.pem /volume2/docker/navidrome/ssl/certificate.crt
    cp /usr/syno/etc/certificate/system/default/RSA-privkey.pem /volume2/docker/navidrome/ssl/private.key
    chmod 644 /volume2/docker/navidrome/ssl/certificate.crt
    chmod 600 /volume2/docker/navidrome/ssl/private.key
    docker restart navidrome
    echo "Certificates renewed and Navidrome updated"
else
    echo "Certificate renewal failed, skipping Navidrome update"
fi

Task Scheduler Configuration

Control Panel > Task Scheduler

Setting Value
Task name Auto-renew SSL and Update Navidrome
User root
Schedule Weekly (Sunday, 3:00 AM)
Script /usr/local/bin/renew-and-update-certs.sh

How It Works

  1. Script runs weekly
  2. Checks all certificates for renewal (30 days before expiry)
  3. Renews any expiring certificates via Let's Encrypt
  4. If successful, copies new certs to Navidrome
  5. Restarts Navidrome container with fresh certificates
Retrieved from "https://wiki.wreckroom.nyc/index.php?title=Automated_Certificate_Renewal&oldid=447"