Last active
January 26, 2024 16:23
-
-
Save zabirauf/bda54230ca1335c1cf00e3adba682ee7 to your computer and use it in GitHub Desktop.
Renew certificate using certbot for MongoDB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # Define variables | |
| DOMAIN=foo.example.com | |
| # renew cert | |
| certbot renew | |
| # combine latest letsencrypt files for mongo | |
| # find latest fullchain*.pem | |
| newestFull=$(ls -v /etc/letsencrypt/archive/"$DOMAIN"/fullchain*.pem | tail -n 1) | |
| echo "$newestFull" | |
| # find latest privkey*.pem | |
| newestPriv=$(ls -v /etc/letsencrypt/archive/"$DOMAIN"/privkey*.pem | tail -n 1) | |
| echo "$newestPriv" | |
| # combine to mongo.pem | |
| cat {$newestFull,$newestPriv} | tee /etc/ssl/mongo.pem | |
| # set rights for mongo.pem | |
| chmod 600 /etc/ssl/mongo.pem | |
| chown mongodb:mongodb /etc/ssl/mongo.pem | |
| # restart mongo | |
| service mongod restart |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Thank you very much for the script and for the article!
If I may suggest a little improvement, you could use
/etc/letsencrypt/live/"$DOMAIN"/fullchain.pem, and/etc/letsencrypt/live/"$DOMAIN"/privkey.peminstead of extracting the latest files from archive.