Community Discussions and Support
Certificate renewal automation

Hello Fellow Mercurians,


I like automation, for what else do we have computers!


Assuming some people, like me, could use a little advice on automating the certificate renewal process for Mercury, I created a batch file which will renew the certificate using Certbot (https://certbot.eff.org/), copy and rename the files so that Mercury can use them, and run at a certain time using the Task Schedule.
There is also Apache involved, as I am running Roundcube for my IMAP connections. In my case I am using the standalone version and therefore I need to shut down Apache to have port 80 or 443 free for Certbot, which spins up a small web server.


And I just did a successful run.


Certbot located at c:\certbot
Mercury located at d:\mercury


Here we go:
Create a batch file and call it from Task Schedule with elevated user rights.


First: stop Apache service: net stop apache2.4


Second: start the Certbot renewal process:
cd to certbot\bin and call certbot renew
which will renew one or all certificates which are close to expiring.


Third: start Apache service: net start apache2.4


Fourth: copy the files needed by Mercury TO Mercury and rename them at the same time.
Files needed are: c:\certbot\live\domain\fullchain.pem and c:\certbot\live\domain\privkey.pem
To make this happen we use xcopy
xcopy c:\certbot\live\domain\fullchain.pem d:\mercury\mercury.pem /y
xcopy c:\certbot\live\domain\privkey.pem d:\mercury\mercury.prk.pem /y
The /y switch is set to quietly overwrite the files after the first renewal.


Comments: The name of the Apache service may differ.
IMPORTANT Note: do not rename the files in the original certbot folder, as the renewal process is looking for the original file names. If you do NOT want to move the files to d:\mercury and would rather keep them in the original file location, that will probably work, but I have not tested it. I like to keep things clean and separate.


The full batch file will look like this. You can add comments as you wish.


```
@ECHO OFF
::
:: stop apache
net stop apache2.4

:: start renewal process of all certbot certificates
:: cd to certbot.exe (absolute path with /d, so the task's start directory and drive do not matter)
cd /d c:\certbot\bin
certbot renew

:: start apache
net start apache2.4

:: copy certificate from your domain for mercury. Files to copy & rename
:: are fullchain.pem > mercury.pem ; privkey.pem > mercury.prk.pem
:: use xcopy to overwrite file quietly /y
:: rename is not possible as certbot is looking for the original filenames
xcopy c:\certbot\live\domain.com\privkey.pem d:\mercury\mercury.prk.pem /y
xcopy c:\certbot\live\domain.com\fullchain.pem d:\mercury\mercury.pem /y

exit
```

The only manual change is to set a new date in Task Schedule for the next renewal.


This is very basic and I am sure there may be other ways. Maybe we can add them and make it better?


Enjoy!


Johannes


edited Sep 23 '23 at 9:21 pm
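
A variant of the batch file in the post with failure handling, as an added example that is not part of the original post: Apache is restarted whatever Certbot returns, Mercury's files are only replaced after a successful renewal that actually produced a new certificate, and every run is logged. The log path and variable names are assumptions; `copy /y` stands in for `xcopy` so that a first run with no existing target file does not stop at xcopy's file-or-directory prompt.

```batch
@echo off
setlocal
:: Added example, not the poster's script. Paths and the service name are the
:: ones from the post; domain.com is the post's placeholder for your own domain.
:: LOG is an assumed location for the run log.
set "LIVE=c:\certbot\live\domain.com"
set "MERCURY=d:\mercury"
set "LOG=c:\certbot\renew-task.log"

>>"%LOG%" echo [%date% %time%] renewal run started

:: Free port 80/443 for Certbot's standalone web server.
net stop apache2.4 >>"%LOG%" 2>&1

:: "call" keeps this script running even if certbot is a .bat/.cmd wrapper.
call c:\certbot\bin\certbot renew >>"%LOG%" 2>&1
set "RENEW_RC=%errorlevel%"

:: Apache comes back up whatever Certbot returned.
net start apache2.4 >>"%LOG%" 2>&1

if not "%RENEW_RC%"=="0" (
    >>"%LOG%" echo certbot renew failed with exit code %RENEW_RC%, Mercury files left untouched
    exit /b %RENEW_RC%
)

:: fc /b returns 0 when both files are identical: nothing was renewed.
:: It returns 1 (different) or 2 (target missing) when a copy is needed.
fc /b "%LIVE%\fullchain.pem" "%MERCURY%\mercury.pem" >nul 2>&1
if not errorlevel 1 (
    >>"%LOG%" echo certificate unchanged, nothing copied
    exit /b 0
)

:: Copy certificate chain and private key under the names Mercury expects.
copy /y "%LIVE%\fullchain.pem" "%MERCURY%\mercury.pem" >>"%LOG%" 2>&1 || exit /b 2
copy /y "%LIVE%\privkey.pem" "%MERCURY%\mercury.prk.pem" >>"%LOG%" 2>&1 || exit /b 2
>>"%LOG%" echo new certificate and key copied to %MERCURY%
exit /b 0
```

Because `certbot renew` only renews certificates that are close to expiring, this script can run on a recurring trigger rather than a hand-set date; a non-zero exit code shows up as the task's last run result.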

Does Mercury read the files without program restart?


Hello,


yes, Mercury will read the new files without a restart. On Dec. 25, 2023 I had another renewal and it went perfectly well.


Johannes

