Updating NGINX certificates automatically from Domino CertMgr
Daniel Nashed – 28 December 2024 10:43:46
Not sure you are aware this has been around for while.
I never added a readme to the directory. The script is in the HCL GitHub CertMgr repository, which is mainly intended for CertMgr integrations, but provides other resources.
This script can find out if your certificate for an existing key got updated and just pulls the new cert.
https://github.com/HCL-TECH-SOFTWARE/domino-cert-manager/blob/main/examples/nginx/cert_upd_nginx.sh
The results from this script looks like this.
If nothing needs to be updated no details are printed.
The script could be scheduled automatically and it can also update NGINX or other services which use the certificate.
In my case I am using Domino Certificate URL Health check. I get a mail 30 days before expiration and just run the command.
But there is more automation possible (like running this script in a cron job).
I just keep it that way because I want exercise all the different functionality like the health check and once in a while get a mail to look at.
CertMgr is based on standards like PEM for certificates, public keys, certificate chains, exportable keys, trusted roots.
It is designed for integration and automation flows. I am using it in many different ways.
-- Daniel
/cert-update-dnug-lab.sh
---------------------------------
Sat Dec 28 10:42:53 AM UTC 2024
---------------------------------
Certificate Update
------------------
SAN : DNS:*.dnug.eu, DNS:*.lab.dnug.eu, DNS:dnug.eu
Subject : CN=*.dnug.eu
Issuer : C=US, O=Let's Encrypt, CNæ
Expiration : Mar 9 15:25:17 2025 GMT
Fingerprint : B7:1E:79:32:87:65:4B:8F:AC:97:76:06:29:D1:B5:48:03:9B:0C:41
Serial : 049DE8710E8C129D59263ACB6B6A5489D614
Reloading NGINX configuration due to certificate update
- Comments [0]
![[HCL Domino]](../lotus-domino.gif){kind=small}
![[Domino on Linux]](../domino-linux.gif){kind=small}
![[Nash!Com]](../nashcom.gif){kind=small}
![[Daniel Nashed]](../daniel-nsh.gif){kind=small}