added systemd cert renewal
27
systemd/cert-renewer.service
Normal file
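--- a/systemd/cert-renewer.service
+++ b/systemd/cert-renewer.service
@@ -0,0 +1,27 @@
+[Unit]
+Description=Certificate renewal
+After=network-online.target
+Documentation=https://smallstep.com/docs/step-ca/certificate-authority-server-production
+StartLimitIntervalSec=0
+; PartOf=cert-renewer.target
+
+[Service]
+Type=oneshot
+User=root
+
+Environment=CERT_LOCATION=/home/john/soteria/certs/soteria.crt \
+KEY_LOCATION=/home/john/soteria/certs/soteria.key
+
+; ExecCondition checks if the certificate is ready for renewal,
+; based on the exit status of the command.
+; (In systemd <242, you can use ExecStartPre= here.)
+ExecCondition=/usr/bin/step certificate needs-renewal ${CERT_LOCATION}
+
+; ExecStart renews the certificate, if ExecStartPre was successful.
+ExecStart=/usr/bin/step ca renew --force ${CERT_LOCATION} ${KEY_LOCATION}
+
+ExecStartPost=/usr/bin/openssl x509 -noout -enddate -in ${CERT_LOCATION}
+ExecStartPost=/usr/bin/docker exec caddy caddy reload --config /etc/caddy/Caddyfile
+
+[Install]
+WantedBy=multi-user.target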
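Review bot: The `[Service]` section runs every command as `User=root` while `CERT_LOCATION` and `KEY_LOCATION` point into `/home/john/soteria/certs`, so a root process overwrites files (`step ca renew --force`) in a directory that the home directory's owner presumably controls. Keeping the certificate and key in a root-owned directory, or running the renewal under a dedicated service account and leaving only the Caddy reload privileged, would remove that dependency on a user-writable path; who may write to that directory is not visible in this commit. The comment above `ExecStart` still refers to `ExecStartPre` although the unit uses `ExecCondition`; it should read `; ExecStart renews the certificate, if ExecCondition was successful.`.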