root@wrkm-www:/etc/dehydrated# cat /etc/dehydrated/conf.d/example.sh
# E-mail to use during the registration (default: <unset>) CONTACT_EMAIL=hostmaster@domain.example
/etc/dehydrated/domains.txt
domain.example sub.domain.example domain.example2 sub.domain.example2 sub2.example2
Here an example that reloads apache when certificates are updated
--- /usr/share/doc/dehydrated/examples/hook.sh 2018-04-25 23:22:40.000000000 +0200 +++ hook.sh 2019-08-20 07:53:59.533678877 +0200 @@ -22,6 +22,9 @@ # Simple example: Use nsupdate with local named # printf 'server 127.0.0.1\nupdate add _acme-challenge.%s 300 IN TXT "%s"\nsend\n' "${DOMAIN}" "${TOKEN_VALUE}" | nsupdate -k /var/run/named/session.key + + # Send mail when we are trying to update certificate + echo | mail root -s "Dehydrated deploy_challenge certificate ${DOMAIN}" } clean_challenge() { @@ -62,6 +65,12 @@ # Simple example: Copy file to nginx config # cp "${KEYFILE}" "${FULLCHAINFILE}" /etc/nginx/ssl/; chown -R nginx: /etc/nginx/ssl # systemctl reload nginx + + # Reload apache server when certificate(s) has been updated + /bin/systemctl reload apache2 + + # Send mail when we have succeeded with updating certificate + echo | mail root -s "Dehydrated deploy_cert certificate ${DOMAIN}" } deploy_ocsp() {
/etc/cron.daily/dehydrated
#!/bin/sh # Try to renew Let's Encrypt certificates set -u /usr/bin/dehydrated -c --hook /etc/dehydrated/hook.sh > /dev/null code=$? if [ $code -ne 0 ]; then echo | mail root -s "Dehydrated exited with non-zero status code ${code}" fi