init

README.md

@@ -0,0 +1,7 @@
+# certrenew.service
+A sample to configure certbot auto renew with systemd
+
+## Reference
+- [crontabを捨てsystemdに定期実行を任せよう。(narikei)](https://qiita.com/narikei/items/ca4823c7f6790f0cbe0b)
+- [systemd .timerについて調べた事を記事にしておく(SOUICHIROU)](https://www.souichi.club/raspberrypi/systemd-timer/#OnCalendar)
+- [How do I reload a group of systemd services?](https://unix.stackexchange.com/questions/334471/how-do-i-reload-a-group-of-systemd-services)

certrenew.path

@@ -0,0 +1,8 @@
+[Unit]
+Description=Restart services which use SSL when the cert directory changes
+
+[Path]
+PathChanged=/etc/letsencrypt/live
+
+[Install]
+WantedBy=multi-user.target

certrenew.service

@@ -0,0 +1,19 @@
+[Unit]
+Description=Service to renew letsencrypt certs
+
+[Service]
+Type=simple
+
+## NOTE
+# (1) comment out one of the following ExecStart
+# (2) check if the path to certbot is correct
+# (3) check if the credentials file is correct
+
+## cloudflare
+#ExecStart=/usr/local/bin/certbot renew --non-interactive --agree-tos --preferred-challenges dns --authenticator dns-cloudflare --dns-cloudflare-credentials /etc/certbot/cloudflare.ini --dns-cloudflare-propagation-seconds 10
+
+## porkbun
+#ExecStart=/usr/local/bin/certbot renew --non-interactive --agree-tos --preferred-challenges dns --authenticator dns-porkbun --dns-porkbun-credentials /etc/certbot/porkbun.ini --dns-porkbun-propagation-seconds 10
+
+[Install]
+WantedBy=multi-user.target

certrenew.target

@@ -0,0 +1,3 @@
+[Unit]
+Description=Services which need reloaded with SSL certs are updated
+PropagatesReloadTo=nginx postfix dovecot

certrenew.timer

@@ -0,0 +1,9 @@
+[Unit]
+Description=Timer to renew letsencrypt certs periodically
+
+[Timer]
+OnCalendar=*-*-4,14,24 04:15:15
+RandomizedDelaySec=31m17s
+
+[Install]
+WantedBy=timers.target