In my last post I made a somewhat sloppy solution to do monthly rotation of my Lets Encrypt certificates for Mailcow. Turns out that acme.sh has a neat built-in solution for rotation!

If you make a weekly or monthly systemd timer, with the following service definition, it'll all work out nicely!

Contents of /usr/lib/systemd/system/mailcow-certificate.timer:

[Unit]
Description=Monthly Mailcow certificate renewal

[Timer]
OnCalendar=weekly
RandomizedDelaySec=60m
Persistent=true

[Install]
WantedBy=timers.target

Contents of /usr/lib/systemd/system/mailcow-certificate.service:

[Unit]
Description=Monthly Mailcow certificate renewal
After=network.target network-online.target systemd-networkd.service 

[Service]
Type=oneshot
ExecStart=/bin/bash -c '/opt/acme.sh/acme.sh --cron --home "/root/.acme.sh"'
ExecStartPost=/bin/bash -c 'docker compose --file /opt/mailcow/docker-compose.yml restart'
KillMode=process
TimeoutStopSec=900

After that?

sudo systemctl enable mailcow-certificate.timer
sudo systemctl enable mailcow-certificate.service
sudo systemctl start mailcow-certificate.timer

kilala.nl tags: work, sysadmin,

View or add comments (curr. 0)

All content, with exception of "borrowed" blogpost images, or unless otherwise indicated, is copyright of Tess Sluijter. The character Kilala the cat-demon is copyright of Rumiko Takahashi and used here without permission.

Kilala.nl - Personal website of Tess Sluijter

About me

Blog archives

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

> Weblog

> Sysadmin articles

> Maths teaching

Monthly cert rewal for Mailcow, with a systemd timer