Brottweiler’s Logbook

Auto renewing IRCd certs

I have decided to finally set up auto renewing certificates since Let's Encrypt are removing[1] their reminder emails, and this was way overdue anyway because it is very annoying to manually renew certificates even if it is every 2–3 months. My servers are already running a webserver, so in the past I have just shut that down temporarily to renew the certificate so port 80 would not be in use. Today I found out about the webroot[2] plugin, which can use an existing web server to create and renew a certificate.

certbot certonly --webroot -w /var/www/example -d www.example.com

This is the command I used and it works for what I need it for, but for my IRC server it is a bit more complicated. The command creates the certificate I need, but in my case the IRC server is running as a different user. The owner of the certificates (and the symlinks) needs to be changed, and the IRC server configuration needs to be reloaded. By default, a systemd timer is running every 12th hour to renew any certificates that are due for renewal. So to make it as simple as possible, I added a cronjob that does two things: it changes the owner of the certificates and reloads the IRCd config. Yes, I can use a systemd timer but I am lazy.

# Fix ownership first, then reload ngIRCd only if that succeeded (one job, so the two steps cannot race)
0 */12 * * * chown -R irc:irc /etc/letsencrypt/archive/www.example.com /etc/letsencrypt/live/www.example.com && killall -HUP ngircd

In my case I am running ngIRCd[3], but I have changed the folders and domain names to placeholder examples. At least I hope this works; I will just have to wait and see.
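
An alternative to the cron approach, as an added example that is not part of the original post: a certbot deploy hook placed in /etc/letsencrypt/renewal-hooks/deploy/ and made executable, which certbot runs only after a certificate has actually been renewed, so the reload follows the renewal directly. It copies the chain and key into a directory owned by the IRC user instead of changing ownership under /etc/letsencrypt; `DEST_DIR`, the script itself and the assumption that the ngIRCd configuration points at the copies are assumptions, not the author's setup.

```shell
#!/bin/sh
# Added example: certbot deploy hook for ngIRCd (not from the original post).
# Assumptions: DEST_DIR is a hypothetical path, and ngircd.conf is assumed to
# reference the certificate and key copies stored there.
CERT_NAME="www.example.com"   # placeholder lineage name, as in the post
DEST_DIR="/etc/ngircd/tls"    # hypothetical directory for the copies
OWNER="irc:irc"               # user:group the IRC daemon runs as

# copy_cert LINEAGE_DIR DEST_DIR [OWNER]
# Copies chain and key (following certbot's symlinks) with owner-only
# permissions, then renames them into place so the daemon never reads a
# half-written file. Returns non-zero if anything is missing or fails.
copy_cert() {
    src=$1; dest=$2; owner=${3:-}
    [ -r "$src/fullchain.pem" ] && [ -r "$src/privkey.pem" ] || return 1
    mkdir -p "$dest" && chmod 0700 "$dest" || return 1
    for f in fullchain.pem privkey.pem; do
        tmp="$dest/.$f.new"
        ( umask 077; cat "$src/$f" > "$tmp" ) && chmod 0600 "$tmp" || return 1
        if [ -n "$owner" ]; then chown "$owner" "$tmp" || return 1; fi
        mv -f "$tmp" "$dest/$f" || return 1
    done
    if [ -n "$owner" ]; then chown "$owner" "$dest" || return 1; fi
}

# certbot exports RENEWED_LINEAGE (e.g. /etc/letsencrypt/live/www.example.com)
# to deploy hooks; hooks in this directory run for every renewed certificate,
# so skip lineages that are not the IRC server's.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    [ "$(basename "$RENEWED_LINEAGE")" = "$CERT_NAME" ] || exit 0
    copy_cert "$RENEWED_LINEAGE" "$DEST_DIR" "$OWNER" && killall -HUP ngircd
fi
```

With this in place the private key under /etc/letsencrypt stays owned by root, and the daemon is only signalled when there is a new certificate to load.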

  1. https://letsencrypt.org/2025/01/22/ending-expiration-emails

  2. https://eff-certbot.readthedocs.io/en/stable/using.html#webroot

  3. https://ngircd.barton.de

#ircd #linux