prune old keys and certificates

2022-09-10 16:53:29 -03:00 · 2022-09-10 16:53:29 -03:00 · ff742db293
commit ff742db293
parent 6b72006d65
2 changed files with 10 additions and 0 deletions
--- a/certbotd.sh
+++ b/certbotd.sh
@ -63,6 +63,10 @@ case $1 in
      touch "${updated}"
    done

+    ;;
+  prune)
+    comm -13 <(realpath /etc/letsencrypt/live/*/*.pem | sort) <(find /etc/letsencrypt/archive/ -name "*.pem" | sort) | xargs rm -v
+    touch "${updated}"
    ;;
  # Generate certificates
  *)
--- a/monit.conf
+++ b/monit.conf
@ -10,6 +10,12 @@ check program certbot_renew
  every "13 5 * * *"
  if status != 0 then alert

+# Prune old keys
+check program certbot_prune
+  with path "/usr/local/bin/certbotd prune"
+  every "13 1 2 * *"
+  if status != 0 then alert
+
 # Get missing certificates for every cycle.
 check program certbot
  with path "/usr/local/bin/certbotd"