Add a cron job to automatically renew the certificates and update docs

plone · Mar 18, 2020 · f0cc209 · f0cc209
1 parent 605db56
commit f0cc209
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 0 deletions.
diff --git a/docs/webserver.rst b/docs/webserver.rst
@@ -106,6 +106,14 @@ Or if you have the ``inventory_hostname`` variable defined:
    certbot_hosts:
      - "{{ inventory_hostname }}"
 
+To automatically renew the certificates, you need to set the time you want to attempt renewal on a daily basis with the ``certbot_renew_at`` global variable.
+
+.. code-block:: yaml
+
+    certbot_renew_at:
+      minute: 30
+      hour: 3
+
 Remember, the ``certbot_hosts`` variable must be global, not part of ``webserver_virtualhosts`` list.
 Also the ``certificate`` key and items under ``webserver_virtualhosts`` takes precedence over all other certificate management methods.
 If you want to use certbot, then remove the ``certificate`` block.

diff --git a/roles/certbot/tasks/main.yml b/roles/certbot/tasks/main.yml
@@ -20,3 +20,13 @@
 - name: "Test renewal with a dry run."
   shell: >
     certbot renew --dry-run --nginx
+
+- name: Cron job to auto renew certificates via certbot
+  when: certbot_renew_at|bool
+  cron:
+    name="Automatically renew Let's Encrypt certificates via certbot"
+    job="certbot renew --quiet --no-self-upgrade --nginx"
+    user=root
+    minute={{ item.minute }}
+    hour={{ item.hour }}
+  with_items: "{{ [certbot_renew_at] }}"