@aKamrani
Last active July 26, 2025 08:23
LetsEncrpyt-SSL-Automatic-certbot
🙏 Description goes in the comments 🙏
@aKamrani (Author) commented Jul 26, 2025

Automatic Let's Encrypt SSL (via certbot)

1- Report: check Let's Encrypt access for certbot

sudo nano /opt/check-letsencrypt-access.sh
sudo chmod +x /opt/check-letsencrypt-access.sh
sudo bash /opt/check-letsencrypt-access.sh

script:

#!/bin/bash
# Checks that this host can reach the endpoints certbot needs (ACME API,
# OCSP/CRL hosts) on TCP 80 and 443, and that UDP 53 to 8.8.8.8 is not
# blocked, then prints a summary report.

GREEN='\033[0;32m'
RED='\033[0;31m'
YELLOW='\033[1;33m'
NC='\033[0m'
report=""

# "Display name|hostname" pairs
sites=(
    "Let’s Encrypt ACME v2|acme-v02.api.letsencrypt.org"
    "ACME Staging v2|acme-staging-v02.api.letsencrypt.org"
    "OCSP Int-X3|ocsp.int-x3.letsencrypt.org"
    "Chain Cert download|cert.int-x3.letsencrypt.org"
    "CRL IdenTrust|crl.identrust.com"
    "ISRG OCSP|isrg.trustid.ocsp.identrust.com"
#    "Google DNS Lookup|dns.google"
#    "Cloudflare DNS Lookup|1.1.1.1"
)

# TCP connect test: uses telnet when it is installed, otherwise falls back
# to bash's built-in /dev/tcp so the script does not report FAIL for every
# host just because telnet is missing.
check_telnet() {
    host="$1"
    port="$2"
    if command -v telnet >/dev/null 2>&1; then
        timeout 3 bash -c "echo quit | telnet $host $port 2>/dev/null | grep -q 'Connected'"
    else
        timeout 3 bash -c "exec 3<>/dev/tcp/$host/$port" 2>/dev/null
    fi
}

# Note: writing to /dev/udp only fails if the datagram cannot be sent
# (no route, local firewall); it does not prove that a DNS answer comes back.
echo -n "Checking DNS (port 53/UDP) to 8.8.8.8... "
if timeout 3 bash -c 'echo > /dev/udp/8.8.8.8/53' 2>/dev/null; then
    echo -e "${GREEN}PASS${NC}"
    report+="DNS to 8.8.8.8:53 ..................... [PASS]\n"
else
    echo -e "${RED}FAIL${NC}"
    report+="DNS to 8.8.8.8:53 ..................... [FAIL]\n"
fi
echo

for entry in "${sites[@]}"; do
    name="${entry%%|*}"
    host="${entry##*|}"

    # Resolve IPv4 (first A record only)
    ipv4=$(getent ahostsv4 "$host" | awk '/STREAM/ {print $1; exit}')
    if [ -z "$ipv4" ]; then
        echo -e "${YELLOW}Warning:${NC} Cannot resolve IPv4 for $host"
        report+="$name ($host) ........... [NO IPv4]\n"
        continue
    fi

    echo -e "$name ($host): IPv4 is ${YELLOW}$ipv4${NC}"
    for port in 80 443; do
        echo -n "  Testing port $port with telnet ... "
        if check_telnet "$ipv4" "$port"; then
            echo -e "${GREEN}PASS${NC}"
            report+="$name ($host:$port | $ipv4) ............. [TELNET PASS]\n"
        else
            echo -e "${RED}FAIL${NC}"
            report+="$name ($host:$port | $ipv4) ............. [TELNET FAIL]\n"
        fi
    done
done

echo -e "\n=================== Summary Report ==================="
echo -e "$report"

2-Gather SSL via certbot

Bash commands

For a single (sub)domain:

certbot certonly --standalone -d example.com

or for a wildcard:

certbot certonly --manual --preferred-challenges dns -d "*.example.com" -d "example.com"

3-Renew Certbot SSLs

sudo crontab -e

In the root user's crontab, set:

0 4 * * 0 /opt/renew-ssl.sh

script:

#!/bin/bash
# Stop nginx so certbot's standalone authenticator can bind port 80,
# renew whatever is due, then bring nginx back.
systemctl stop nginx
certbot renew
rc=$?
# Restart nginx even if the renewal failed so the site does not stay down,
# and return certbot's status so cron reports a failed run.
systemctl restart nginx
exit $rc
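Added example, not part of the gist above: a renewal wrapper that leaves nginx to certbot's own --pre-hook/--post-hook (the pre-hook frees port 80 for --standalone, and the post-hook runs even when renewal fails, so nginx never stays stopped), and then re-checks the live certificate afterwards. That second check catches the case the gist's wildcard command runs into: a certificate obtained with --manual and no --manual-auth-hook cannot be renewed non-interactively by `certbot renew`, so it silently stays near expiry until someone notices. It assumes nginx, GNU coreutils `date`, and the certificate path below (example.com is a placeholder).

```shell
#!/bin/bash
# Added example (not from the gist): renew through certbot hooks and verify
# afterwards that the live certificate really moved away from expiry.
# Assumptions: nginx as web server, GNU date, cert path below (placeholder).
set -eu

CERT="${CERT:-/etc/letsencrypt/live/example.com/fullchain.pem}"
RENEW_BEFORE_DAYS=30   # certbot's default renewal window

# Days until the date in a "notAfter=Jul 26 08:23:00 2025 GMT" line
# (the format printed by `openssl x509 -enddate -noout`).
# $2 optionally overrides "now" (epoch seconds) for deterministic checks.
days_left_from_enddate() {
    local enddate="${1#notAfter=}"
    local end_epoch now_epoch
    end_epoch=$(date -u -d "$enddate" +%s)
    now_epoch="${2:-$(date -u +%s)}"
    echo $(( (end_epoch - now_epoch) / 86400 ))
}

# Days until the certificate in a PEM file expires.
cert_days_left() {
    days_left_from_enddate "$(openssl x509 -enddate -noout -in "$1")"
}

# Status 0 when a certificate with $1 days left is inside the renewal window.
needs_renewal() {
    [ "$1" -le "$RENEW_BEFORE_DAYS" ]
}

# certbot only runs the hooks when a certificate is actually due, so nginx
# is untouched on the weeks where nothing needs renewing.
renew_with_hooks() {
    certbot renew \
        --pre-hook  "systemctl stop nginx" \
        --post-hook "systemctl start nginx"
}

main() {
    local before after
    if [ ! -r "$CERT" ]; then
        echo "no certificate at $CERT (set CERT=... to the live fullchain.pem)" >&2
        return 1
    fi
    before=$(cert_days_left "$CERT")
    echo "$CERT: $before days left before renewal run"

    if ! renew_with_hooks; then
        echo "certbot renew returned an error" >&2
    fi

    # A --manual wildcard without --manual-auth-hook is skipped by
    # `certbot renew`; the expiry does not move, so fail loudly here.
    after=$(cert_days_left "$CERT")
    if needs_renewal "$after"; then
        echo "$CERT still expires in $after days: renewal did not happen" >&2
        echo "(manual DNS certs need --manual-auth-hook or a re-issue by hand)" >&2
        return 1
    fi
    echo "$CERT: $after days left, renewal OK"
}

main "$@" || echo "renewal check failed" >&2
```

Run it from the same weekly cron entry the gist uses; a non-zero exit (and the stderr message) is what cron mails out, so a wildcard that can never auto-renew shows up as a failure instead of a surprise expiry.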
