files/certbot-renewal.service

@@ -1,10 +0,0 @@
-[Unit]
-Description=Runs certbot renew
-
-[Service]
-Type=oneshot
-RemainAfterExit=no
-ExecStart=/scripts/certbot-renewal.sh
-
-[Install]
-WantedBy=multi-user.target

files/certbot-renewal.sh

@@ -1,60 +0,0 @@
-#! /bin/bash
-#should probably add logic to only halt/reload once (and only if necessary)
-function halt() {
-    #stop services if necessary
-    if [ -d /var/lib/ipa/ ]
-        #stop httpd
-        systemctl stop httpd
-    fi
-}
-function reload() {
-    #reload/restart relevant services
-    if [ -d /etc/nginx/certs/ ]
-    then
-        systemctl reload nginx
-    fi
-    if [ -d /var/lib/ipa/ ]
-        #restart httpd
-        systemctl start httpd
-        /scripts/setup-le.sh
-        systemctl restart httpd
-        #load cert
-    fi
-
-}
-
-dom=`date +%d`
-today=`date +%Y%m%d`
-log=/var/log/certbot-renewal.log
-echo Renewal attempt for $today >> $log
-#rotate log file every month
-if [[ $dom = 1 ]];then mv $log $log.bak;fi
-for f in `ls /etc/letsencrypt/live/ --ignore "README"`
-do
-    echo Checking $f >> $log
-    #check if cert has already expired or will expire within the next two days and renew if applicable
-    expires=$(echo `openssl x509 -enddate -noout -in /etc/letsencrypt/live/$f/cert.pem` " - 2 day" | grep -Po "(?<=notAfter=).*" | date +%Y%m%d -f -)
-    if [[ $today > $expires ]]
-    then
-        echo Certificate for $f is expired, renewing >> $log
-        halt()
-        certbot renew --cert-name $f >> /var/log/certbot-renewal.log
-        reload()
-        continue
-    fi
-    #convert hostname into day of month between 0 and 28 to renew on specific day of month (reduce chance of running out of cert renewals)
-    hash=$(echo $f| md5sum)
-    num=$((0x${hash%% *}))
-    for d in {0..2}
-    do 
-        rdate=$(((${num#-}+$d)%28+1))
-        if [[ $dom -eq $rdate ]]
-        then
-            echo Date falls within renewal window for $f, attempting renewal >> $log
-            halt()
-            certbot renew --cert-name $f >> $log
-            reload()
-            break
-        fi
-    done
-done

files/certbot-renewal.timer

@@ -1,12 +0,0 @@
-[Unit]
-Description=Runs certbot-renewal once per day
-
-[Timer]
-# Time to wait after booting before we run first time
-OnBootSec=10min
-# Time between running each consecutive time
-OnUnitActiveSec=1d
-Unit=certbot-renewal.service
-
-[Install]
-WantedBy=multi-user.target

tasks/deploy_renewal.yml

@@ -1,26 +0,0 @@
-# deploy_renewal.yml
----
-- name: deploy certbot renewal script
-  ansible.builtin.copy:
-    src: files/certbot-renewal.sh
-    dest: /scripts/certbot-renewal.sh
-    mode: '0754'
-
-- name: deploy certbot renewal service
-  ansible.builtin.copy:
-    src: files/certbot-renewal.service
-    dest: /usr/lib/systemd/system/certbot-renewal.service
-    mode: '0644'
-
-- name: deploy certbot renewal timer
-  ansible.builtin.copy:
-    src: files/certbot-renewal.timer
-    dest: /usr/lib/systemd/system/certbot-renewal.timer
-    mode: '0644'
-
-- name: ensure certbot renewal script is running
-  service:
-    name: certbot-renewal.timer
-    state: started
-    daemon_reload: true
-    enabled: yes

tasks/main.yml

@@ -9,5 +9,3 @@
 - include_tasks: generate_cert.yml
   loop: "{{ domains }}"
 
-# deploy renewal script, service and timer for host
-- include_tasks: deploy_renewal.yml