% Certbot Letsencrypt


# Ajout d'un certificat

```bash
export maindomain=nu.aezi.fr
export newsub=13ft.aezi.fr
sudo certbot certificates -d $maindomain 2>/dev/null | awk -v newsub=$newsub '$1 == "Domains:"{$1=""; print $0","newsub}' | xargs | tr ' ' ',' | sudo xargs certbot --expand -d
```

# Renouvellement automatique

## crontab

Recommandation: lancer [`certbot` deux fois par jour](https://community.letsencrypt.org/t/cron-job-to-run-every-90-days-vs-3-months/51618/3)

```
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

0 */12 * * * /usr/bin/certbot renew --nginx -n >> /var/log/certbot.log 2>&1
```

## Logrotate

Contenu de `/etc/logrotate.d/certbot`:

```
/var/log/certbot.log {
  rotate 4
  monthly
  compress
  missingok
  notifempty
}
```