diff --git a/certbotd.sh b/certbotd.sh
index 04b5529..28f790a 100755
--- a/certbotd.sh
+++ b/certbotd.sh
@@ -63,6 +63,10 @@ case $1 in
 touch "${updated}"
 done
+ ;;
+ prune)
+ comm -13 <(realpath /etc/letsencrypt/live/*/*.pem | sort) <(find /etc/letsencrypt/archive/ -name "*.pem" | sort) | xargs rm -v
+ touch "${updated}"
 ;;
 # Generate certificates
 *)
diff --git a/monit.conf b/monit.conf
index 739d86d..0874ccb 100644
--- a/monit.conf
+++ b/monit.conf
@@ -10,6 +10,12 @@ check program certbot_renew
 every "13 5 * * *"
 if status != 0 then alert
+# Prune old keys
+check program certbot_prune
+ with path "/usr/local/bin/certbotd prune"
+ every "13 1 2 * *"
+ if status != 0 then alert
+
 # Get missing certificates for every cycle.
 check program certbot
 with path "/usr/local/bin/certbotd"
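Review bot: The new `prune)` arm deletes from `/etc/letsencrypt/archive/`, which holds private keys as well as certificates, on the strength of a list comparison that fails open: if the `live/*/*.pem` glob matches nothing or `realpath` errors out, the left input to `comm -13` is empty and every archived `.pem` is handed to `rm`. The same over-deletion would follow if a path component under `/etc/letsencrypt` is a symlink, because only the left side is canonicalised. `xargs rm -v` also runs `rm` with no operands on empty input (GNU xargs without `-r`), and since `touch "${updated}"` follows unconditionally the arm's status is normally that of `touch`, so the `if status != 0 then alert` rule added in monit.conf would not see a failed prune unless the script enables `errexit` outside this hunk. I would resolve the in-use set first, abort when it is empty, canonicalise both sides, and pass `-r` and `--` to the deletion, as sketched below; the enclosing `case` starts and ends outside the hunk.

```shell
  prune)
    # Resolve the in-use set first; an empty set would mark every archived file stale.
    in_use=$(realpath -e /etc/letsencrypt/live/*/*.pem | sort)
    [ -n "${in_use}" ] || exit 1
    comm -13 <(printf '%s\n' "${in_use}") \
      <(find /etc/letsencrypt/archive/ -name "*.pem" -exec realpath -e {} + | sort) \
      | xargs -r rm -v -- || exit 1
    touch "${updated}"
```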