Auto renew SSL script

What is SSL?

SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remains private.

How to install SSL?

If you do not yet have SSL on your website, follow our tutorial and learn how you can easily install it. In this post we cover how to create an auto-renew script once you have purchased SSL.

Why auto renew script?

The answer is simple: if you followed our previous tutorial and used it to install SSL, you know that the certificate is valid for three months. If you do not want to spend time renewing SSL by hand every three months, use this tutorial and make a script for yourself.

Auto renew SSL script?

We will go through the script step by step and show the full code at the end. We assume that you have followed our previous tutorial on how to install SSL, and we are making this script compatible with it.
First of all, create a file in which we will write the script. Let's call it renewSSL.sh.
  • nano renewSSL.sh
First, we will need to remove our CSR and PEM files.
  • sudo rm *.pem
  • sudo rm *.csr
You can also use the full path, which is the better solution.
  • sudo rm /usr/share/ssl/*.pem
  • sudo rm /usr/share/ssl/*.csr
The next thing you need to do is stop Tomcat from your script and wait 30 seconds.
  • sudo sh /usr/share/tomcat/bin/shutdown.sh
  • sleep 30
Now we need to delete our keystore file; we will create a new one later.
  • sudo rm /usr/share/ssl/*.keystore
Since we have deleted our keystore, we need to recreate it. Use the following commands for that, keeping in mind that we are creating a new file, server.keystore. Here $1 is the domain and $2 is the keystore password passed to the script.
  • sudo keytool -genkey -noprompt -alias tomcat -dname "CN=$1, OU=NA, O=NA, L=NA, S=NA, C=NA" -keystore /usr/share/ssl/server.keystore -storepass "$2" -keysize 2048 -keypass "$2" -keyalg RSA
  • sudo keytool -list -keystore /usr/share/ssl/server.keystore -v -storepass "$2" > key.check
What is next? We need to build the CSR, and we use the following command for that. This creates a new CSR named request.csr.
  • sudo keytool -certreq -alias tomcat -file request.csr -keystore /usr/share/ssl/server.keystore -storepass "$2"
Now it is time to request the certificate. This command creates a new file, 0001_chain.pem.
  • sudo certbot certonly --csr ./request.csr --standalone
We have our certificate now; the first time, you can check the logs to be sure about that. Next we need to import the certificate into our keystore. We use the following command for that.
  • sudo keytool -import -trustcacerts -alias tomcat -file 0001_chain.pem -keystore /usr/share/ssl/server.keystore -storepass "$2"
Finally, start Tomcat.
  • sudo sh /usr/share/tomcat/bin/startup.sh

Configure server.xml for SSL

Do we need to configure server.xml in this step? It depends. If you followed the steps in our previous tutorial, you are good; if not, go to that post and see how to configure server.xml.

Using the script

The script is ready to use. You can run it with the following commands; first make sure that you have permission to execute the script.
  • sudo chmod +x renewSSL.sh
  • sudo sh renewSSL.sh domain.com password
Keep in mind that you need to replace domain.com with the domain for which you want to request SSL, and replace password as well. The password needs to be the same as in the server.xml configuration.
The last thing we need to do, so that this script makes sense and does its job, is to create a cron job. Use the following commands to create it.
  • crontab -e
  • 30 03 01 */3 * sh /usr/share/ssl/renewSSL.sh example.com password >> /usr/share/ssl/sslLogs.log

Full Code

The full code of the script is shown in the picture below.
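
The steps above collected into one file, as an added example that is not the original post's script: it builds the new keystore beside the live one and replaces server.keystore only if certbot and the import succeed, so a failed renewal leaves the old certificate in place, and it rejects a domain argument that is not a plain host name. It assumes the script runs as root (so sudo is dropped); the function names, the server.keystore.new staging name and the SSL_DIR/TOMCAT_BIN overrides are hypothetical.

```shell
#!/bin/sh
# Added example, not the original renewSSL.sh. Assumes it runs as root
# (so no sudo) and keeps the page's paths, alias and file names.
set -eu
SSL_DIR="${SSL_DIR:-/usr/share/ssl}"
TOMCAT_BIN="${TOMCAT_BIN:-/usr/share/tomcat/bin}"

# $1 is pasted into the -dname string, so accept plain host names only.
valid_domain() {
  case "$1" in
    ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
    *.*) return 0 ;;
  esac
  return 1
}

# Build a fresh keystore at $3 and import the issued chain into it.
# Joined with && so the first failing step stops the chain.
build_keystore() {
  keytool -genkey -noprompt -alias tomcat \
    -dname "CN=$1, OU=NA, O=NA, L=NA, S=NA, C=NA" \
    -keystore "$3" -storepass "$2" -keysize 2048 -keypass "$2" -keyalg RSA &&
  keytool -certreq -alias tomcat -file request.csr \
    -keystore "$3" -storepass "$2" &&
  certbot certonly --csr ./request.csr --standalone &&
  keytool -import -noprompt -trustcacerts -alias tomcat \
    -file 0001_chain.pem -keystore "$3" -storepass "$2"
}

renew_ssl() {
  live="$SSL_DIR/server.keystore"
  staged="$SSL_DIR/server.keystore.new"   # hypothetical staging name
  valid_domain "$1" || { echo "invalid domain: $1" >&2; return 2; }
  cd "$SSL_DIR" || return 1     # certbot writes 0001_chain.pem into the cwd
  rm -f ./*.pem ./*.csr "$staged"
  sh "$TOMCAT_BIN/shutdown.sh" || true    # already stopped is not an error
  sleep 30
  rc=0
  build_keystore "$1" "$2" "$staged" || rc=$?
  # Replace the live keystore only after every step succeeded.
  if [ "$rc" -eq 0 ]; then mv -f "$staged" "$live"; else rm -f "$staged"; fi
  sh "$TOMCAT_BIN/startup.sh"   # Tomcat comes back up either way
  return "$rc"
}

# Run only when called with both arguments: sh renewSSL.sh domain.com password
if [ "$#" -eq 2 ]; then renew_ssl "$1" "$2"; fi
```

Because the script changes into SSL_DIR first, request.csr and 0001_chain.pem land in the same directory on every run, including runs started by cron.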

Conclusion

Making and using a script for SSL auto-renewal will make your life much easier and save you the time spent on manual SSL renewal. So make this script and use it on all your servers.