certhub-cert-expiry@.service
Description
A service which checks validity of a certificate read from the repository. Formats a message and writes it to a status file if the respective certificate is about to expire.
A path unit which runs the service unit whenever the master branch of the local certhub repository is updated.
A timer unit which runs the service twice daily.
The instance name (systemd instance string specifier %i) is used as the basename of the certificate file and the resulting status message.
Environment
- CERTHUB_REPO
  URL of the repository where certificates are stored. Defaults to: /var/lib/certhub/certs.git
- CERTHUB_CERT_PATH
  Path to the certificate file inside the repository. Defaults to: {WORKDIR}/%i.fullchain.pem
- CERTHUB_CERT_EXPIRY_TTL
  See certhub-cert-expiry(1). Defaults to 30 days in seconds, i.e. 2592000
- CERTHUB_CERT_EXPIRY_MESSAGE
  Message written to the status file if the certificate is about to expire. Defaults to: Certificate will expire within 30 days
- CERTHUB_CERT_EXPIRY_STATUSFILE
  Location of the status file written if a certificate is about to expire. Defaults to: /var/lib/certhub/status/%i.expiry.status
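The check described above, sketched as an added shell example that is not certhub's own code. It assumes the expiry test is done with `openssl x509 -checkend`; the function names, the return codes and the clearing of the status file for a healthy certificate are choices of this example.

```shell
#!/bin/sh
# Added illustration, not certhub's own script. Function names, return codes
# and the "clear status when healthy" behaviour are assumptions.

# check_cert_expiry CERT TTL STATUSFILE MESSAGE
#   returns 0: certificate valid for longer than TTL seconds (status cleared)
#   returns 1: certificate expires within TTL seconds (MESSAGE written)
#   returns 2: certificate missing or unparsable (error written)
check_cert_expiry() {
    cert=$1 ttl=$2 statusfile=$3 message=$4

    # Parse first: -checkend also fails on unreadable input, and a broken
    # file must not be reported as a mere upcoming expiry.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        write_status "$statusfile" "Certificate unreadable: $cert"
        return 2
    fi

    # -checkend exits non-zero if notAfter falls within the next TTL seconds.
    if openssl x509 -in "$cert" -noout -checkend "$ttl" >/dev/null 2>&1; then
        rm -f "$statusfile"
        return 0
    fi

    write_status "$statusfile" "$message"
    return 1
}

# Write via temp file + rename so a monitor never reads a partial message.
write_status() {
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" >"$tmp" && mv -f "$tmp" "$1"
}
```

Only the first certificate in a fullchain file (the leaf) is examined by `openssl x509`, so an intermediate that expires earlier is not caught by this check.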
Files
- /etc/certhub/env
  Optional environment file shared by all instances and certhub services.
- /etc/certhub/%i.env
  Optional per-instance environment file shared by all certhub services.
- /etc/certhub/certhub-cert-expiry.env
  Optional per-service environment file shared by all certhub service instances.
- /etc/certhub/%i.certhub-cert-expiry.env
  Optional per-instance and per-service environment file.
See Also
certhub-cert-expiry(1), certhub-format-message(1), certhub-status-file(1)