certhub-cert-expiry@.service

Synopsis

certhub-cert-expiry@.service

certhub-cert-expiry@.timer

Description

A service which checks validity of a certificate read from the repository. Formats a message and writes it to a status file if the respective certificate is about to expire.

A timer unit which runs the service twice daily.

The instance name (systemd instance string specifier %i) is used as the basename of the certificate file and the resulting status message.

Environment

CERTHUB_REPO

URL of the repository where certificates are stored. Defaults to: /var/lib/certhub/certs.git

CERTHUB_CERT_PATH

Path to the certificate file inside the repository. Defaults to: {WORKDIR}/%i.fullchain.pem

CERTHUB_CERT_EXPIRY_TTL

See manpage:certhub-cert-expiry(1), defaults to 30 days in seconds, i.e. 2592000

CERTHUB_CERT_EXPIRY_MESSAGE

Message written to the status file if certificate is about to expire. Defaults to Certificate will expire within 30 days

CERTHUB_CERT_EXPIRY_STATUSFILE

Location of status file written if a certificate is about to expire. Defaults to: /var/lib/certhub/status/%i.expiry.status

Files

/etc/certhub/env

Optional environment file shared by all instances and certhub services.

/etc/certhub/%i.env

Optional per-instance environment file shared by all certhub services.

/etc/certhub/certhub-cert-expiry.env

Optional per-service environment file shared by all certhub service instances.

/etc/certhub/%i.certhub-cert-expiry.env

Optional per-instance and per-service environment file.

See Also

certhub-cert-expiry(1), certhub-format-message(1), certhub-status-file(1)