@zabirauf
Last active January 26, 2024 16:23
Renew certificate using certbot for MongoDB
#!/bin/bash
# Define variables
DOMAIN=foo.example.com
# renew cert
certbot renew
# combine latest letsencrypt files for mongo
# find latest fullchain*.pem
newestFull=$(ls -v /etc/letsencrypt/archive/"$DOMAIN"/fullchain*.pem | tail -n 1)
echo "$newestFull"
# find latest privkey*.pem
newestPriv=$(ls -v /etc/letsencrypt/archive/"$DOMAIN"/privkey*.pem | tail -n 1)
echo "$newestPriv"
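# combine to mongo.pem; umask keeps a newly created file owner-only, and plain
# redirection avoids tee echoing the private key to stdout (cron mail, logs)
umask 077
cat "$newestFull" "$newestPriv" > /etc/ssl/mongo.pem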
# set rights for mongo.pem
chmod 600 /etc/ssl/mongo.pem
chown mongodb:mongodb /etc/ssl/mongo.pem
# restart mongo
service mongod restart

LukaszWiktor commented Jan 26, 2024

Thank you very much for the script and for the article!

If I may suggest a little improvement, you could use /etc/letsencrypt/live/"$DOMAIN"/fullchain.pem, and /etc/letsencrypt/live/"$DOMAIN"/privkey.pem instead of extracting the latest files from archive.
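
Added example (not part of the gist or of the comment above): a certbot deploy hook that builds mongo.pem from the `live/` paths the comment suggests, replaces the file atomically with owner-only permissions, and restarts mongod only after an actual renewal. The hook file name, the `OUT` variable and the `build_mongo_pem` function are assumptions introduced for illustration.

```bash
#!/bin/bash
# Added example: certbot deploy hook, e.g. saved (hypothetical file name) as
# /etc/letsencrypt/renewal-hooks/deploy/mongo-pem.sh and made executable.
# certbot runs deploy hooks only after a successful renewal and exports
# RENEWED_LINEAGE=/etc/letsencrypt/live/<domain> for the renewed certificate.
set -eu

DOMAIN=foo.example.com          # same placeholder as the gist
OUT=/etc/ssl/mongo.pem

# build_mongo_pem LIVE_DIR OUT_FILE [OWNER]
# Concatenates fullchain.pem and privkey.pem from LIVE_DIR into OUT_FILE.
build_mongo_pem() {
    local live="$1" out="$2" owner="${3:-}" tmp
    # Refuse to build from missing or empty inputs; OUT_FILE stays untouched.
    [ -s "$live/fullchain.pem" ] && [ -s "$live/privkey.pem" ] || return 1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$live/fullchain.pem" || return 1
    grep -q -- 'PRIVATE KEY-----' "$live/privkey.pem" || return 1
    # Temp file in the target directory so the final mv is an atomic rename;
    # mktemp creates it with mode 0600, so the key is never world-readable.
    tmp=$(mktemp "$out.XXXXXX") || return 1
    if cat "$live/fullchain.pem" "$live/privkey.pem" > "$tmp" &&
       { [ -z "$owner" ] || chown "$owner" "$tmp"; } &&
       mv -f "$tmp" "$out"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# Run only when certbot invoked us for this domain's lineage.
if [ "${RENEWED_LINEAGE:-}" = "/etc/letsencrypt/live/$DOMAIN" ]; then
    build_mongo_pem "$RENEWED_LINEAGE" "$OUT" mongodb:mongodb
    service mongod restart
fi
```

Run by hand without `RENEWED_LINEAGE` set, the script does nothing, so mongod is not restarted on days when no certificate was due.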
