Hello Fellow Mercurians,
I like automation, for what else do we have computers!
Assuming some people, like me, could use a little advice on automating the certificate renewal process for Mercury, I have created a batch file which renews the certificate using Certbot, copies and renames the files so that Mercury can use them, and runs at a certain time using Task Scheduler.
There is also Apache involved, as I am running Roundcube for my IMAP connections. In my case I am using the standalone version and therefore I need to shut down Apache to have port 80 or 443 free for Certbot, which spins up a small web server.
And I just did a successful run.
Certbot located at c:\certbot
Mercury located at d:\mercury
Here we go:
Create a batch file and call it from Task Scheduler with elevated user rights.
First: stop Apache service: net stop apache2.4
Second: start the Certbot renewal process:
cd to certbot\bin and call certbot renew
which will renew one or all certificates which are close to expiring.
Third: start Apache service: net start apache2.4
Fourth: copy the files needed by Mercury TO Mercury and rename them at the same time.
Files needed are: c:\certbot\live\domain\fullchain.pem and c:\certbot\live\domain\privkey.pem
To make this happen we use xcopy
xcopy c:\certbot\live\domain\fullchain.pem d:\mercury\mercury.pem /y
xcopy c:\certbot\live\domain\privkey.pem d:\mercury\mercury.prk.pem /y
The /y switch is set to quietly overwrite the files after the first renewal.
Comments: Name of Apache service may differ.
IMPORTANT Note: do not rename the files in the original certbot folder as the renewal process is looking for the original file names. If you do NOT want to move the files to d:\mercury and would rather keep them in the original file location, that will probably work, but I have not tested it. I like to keep things clean and separate.
The full batch file will look like this. You can add comments as you wish.
:: stop apache
net stop apache2.4
:: start renewal process of all certbot certificates
:: cd to certbot.exe
cd /d c:\certbot\bin
certbot renew
:: start apache
net start apache2.4
:: copy certificate from your domain for mercury. Files to copy & rename
:: are fullchain.pem > mercury.pem ; privkey.pem > mercury.prk.pem
:: use xcopy to overwrite file quietly /y
:: rename is not possible as certbot is looking for the original filenames
xcopy c:\certbot\live\domain.com\privkey.pem d:\mercury\mercury.prk.pem /y
xcopy c:\certbot\live\domain.com\fullchain.pem d:\mercury\mercury.pem /y
The only manual change is to set a new date in Task Scheduler for the next renewal.
This is very basic and I am sure there may be other ways. Maybe we can add them and make it better?
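A variant of the batch file above with failure handling, added here as an example and not part of the original post: it restarts Apache even if the renewal fails, copies only when the certificate actually changed, and restricts who can read the copied private key. The log file name is made up for this example, domain.com is the post's placeholder, and the ACL step assumes Mercury runs as SYSTEM or as an administrator.

```batch
@echo off
setlocal
:: Added example, not the original poster's script.
:: Paths and service name are taken from the post; domain.com is its placeholder.
set "LIVE=c:\certbot\live\domain.com"
set "DEST=d:\mercury"
:: Hypothetical log file name, chosen for this example.
set "LOG=%DEST%\certrenew.log"

net stop apache2.4
pushd c:\certbot\bin
certbot renew
set "RC=%errorlevel%"
popd
:: Bring Apache back whether or not the renewal worked.
net start apache2.4
if errorlevel 1 >>"%LOG%" echo %date% %time% WARNING: apache2.4 did not start

if not "%RC%"=="0" (
    >>"%LOG%" echo %date% %time% certbot renew failed with exit code %RC%, old files kept
    exit /b %RC%
)

:: fc /b returns 0 when the files are identical: nothing was renewed.
fc /b "%LIVE%\fullchain.pem" "%DEST%\mercury.pem" >nul 2>&1
if not errorlevel 1 (
    >>"%LOG%" echo %date% %time% certificate unchanged, nothing copied
    exit /b 0
)

:: copy, unlike xcopy, never asks whether a new target is a file or a directory.
copy /y "%LIVE%\fullchain.pem" "%DEST%\mercury.pem" >nul || goto :copyfail
copy /y "%LIVE%\privkey.pem" "%DEST%\mercury.prk.pem" >nul || goto :copyfail

:: Private key readable only by SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544).
:: Assumption: Mercury runs under one of these; otherwise add its account here.
icacls "%DEST%\mercury.prk.pem" /inheritance:r /grant:r *S-1-5-18:F *S-1-5-32-544:F >nul
>>"%LOG%" echo %date% %time% new certificate copied to %DEST%
exit /b 0

:copyfail
>>"%LOG%" echo %date% %time% ERROR: copy to %DEST% failed
exit /b 1
```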