certhub-cert-expiry@.service¶
Synopsis¶
certhub-cert-expiry@.service
certhub-cert-expiry@.timer
Description¶
A service which checks validity of a certificate read from the repository. Formats a message and writes it to a status file if the respective certificate is about to expire.
A timer unit which runs the service twice daily.
The instance name (systemd instance string specifier %i
) is used as the
basename of the certificate file and the resulting status message.
Environment¶
- CERTHUB_REPO¶
URL of the repository where certificates are stored. Defaults to:
/var/lib/certhub/certs.git
- CERTHUB_CERT_PATH¶
Path to the certificate file inside the repository. Defaults to:
{WORKDIR}/%i.fullchain.pem
- CERTHUB_CERT_EXPIRY_TTL¶
See manpage:certhub-cert-expiry(1), defaults to 30 days in seconds, i.e.
2592000
- CERTHUB_CERT_EXPIRY_MESSAGE¶
Message written to the status file if certificate is about to expire. Defaults to
Certificate will expire within 30 days
- CERTHUB_CERT_EXPIRY_STATUSFILE¶
Location of status file written if a certificate is about to expire. Defaults to:
/var/lib/certhub/status/%i.expiry.status
Files¶
- /etc/certhub/env¶
Optional environment file shared by all instances and certhub services.
- /etc/certhub/%i.env¶
Optional per-instance environment file shared by all certhub services.
- /etc/certhub/certhub-cert-expiry.env¶
Optional per-service environment file shared by all certhub service instances.
- /etc/certhub/%i.certhub-cert-expiry.env¶
Optional per-instance and per-service environment file.
See Also¶
certhub-cert-expiry(1), certhub-format-message(1), certhub-status-file(1)