Script for email with expired LE certs

Discussion in 'Tips/Tricks/Mods' started by MaxT, Sep 11, 2023.

  1. MaxT

    MaxT Member HowtoForge Supporter

    sometimes the Let's Encrypt certificates were not renewed. I have created this script to warn on expired certificates.
    It works by parsing results from /root/, which is part of LE install inside ISPC
    The script here is named to be placed inside /root: /root/
    It is executed with a daily cron

    # Email Warning with expired LE certs
    # Daily cron. Example:
    # 30 10 * * * /root/ /dev/null 2>&1
    # get root email
    PRE1=`/root/ --list | awk '{print $1" " $6}' | tr 'T' ' '`;
    LISTADOM=`echo "$PRE1" | awk  '{print $1"_"$2}' | awk 'NR - 1'`
    # check domains
    for DOM in $LISTADOM
        # extract date
        fexpira=`date --date="$pfecha" '+%s'`
        # get number of days
        fhoy=`date '+%s'`
        f_diff=`expr $fexpira - $fhoy`
        fdias=`expr $f_diff / 86400`
        # check expired
        if [[ $fdias -lt 0 ]]; then
            DOMCAD=" $DOM $fdias days"
    # $LISTCAD contains the list of expired certificates
    # echo -e $LISTCAD
    # send email with expired domains
    if [[ $ENVMAIL == "si" ]]; then
        echo -e "Expired LE Certificates:\n\n$LISTCAD \n" | mail -s "WARNING LE: expired certificates" $email
    Example email received:

    Expired LE Certificates:
 -4 days -8 days
    hope it can be useful in case of a similar problem
    ahrasis and Th0m like this.
  2. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    Agreed. But there is already email sent for that purpose by LE, if you already set the email correctly.
    MaxT likes this.
  3. MaxT

    MaxT Member HowtoForge Supporter

    strange, I have never received these emails from LE. I will check it, thanks :)
  4. ahrasis

    ahrasis Well-Known Member HowtoForge Supporter

    The email was previously normally set up by ISPConfig installer (not sure auto installer) only during install via certbot certonly command for server LE SSL certs i.e. [email protected].

    My quick check on the code both at ISPConfig installer (lib) and autoinstaller, both surprisingly revealed that the email was not set up during any of that process except fonly or the above mentioned. Another quick look to ISPConfig Perfect Server tutorials also reveal the same, i.e. no instructions to set email for Let's Encrypt notification on this very important reminder.

    Thus wise, I think the best way for the server admins is to update their ISPConfig servers Let's Encrypt email via the following command:
    For certbot:
    certbot update_account --email [email protected]
    Code: --update-account --accountemail [email protected]
    For the developers (@till, @Th0m,, @Jesse Norell), I would suggest that this will at least be added to the auto installer and the ISPConfig Perfect Server tutorials for at least 5 years back to help the new users to set this up right upon ISPConfig install.
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    The email address gets set when the SSL cert is requested per cert when using certbot, so no need to set this at install time for certbot. But it seems this has not been implemented for as does not support this. So we might indeed have to set this at install time for

Share This Page