Having a secure way to manage your usenet downloads of the hit movie Big Buck Bunny with SABnzbd+ is great, but one problem/feature of Let’s Encrypt is that the SSL certificates expire only after three months, requiring plenty of renewals. Luckily this can be easily scripted and forgotten.
The primary part of renewing the SSL certificates will be handled by a modified version of Erika Heidi‘s le-renew.sh script. Erika’s script does a few things we don’t need, such as restarting Apache, so I forked it on GitHub and made a few changes.
The first thing we need to do is download a copy of le-renew.sh, install it locally, and make it executable:
sudo curl -L -o /usr/local/sbin/le-renew-standalone https://gist.githubusercontent.com/emrikol/055ea6afcfcfda7de7da/raw/ab9704e28912964e6d3828379f490dc697e794b8/le-renew.sh sudo chmod +x /usr/local/sbin/le-renew-standalone
Since le-renew.sh is a generic renewal script, we also need a helper script to do the extra work for SABnzbd+. Edit and save the following script to
/usr/local/sbin/sabnzbd-renew-ssl and then run
chmod +x /usr/local/sbin/sabnzbd-renew-ssl to make it executable.
#!/bin/bash ufw allow https /usr/local/sbin/le-renew-standalone yourdomain.example.com >> /var/log/le-renew-standalone.log ufw deny https cp /etc/letsencrypt/live/yourdomain.example.com/cert.pem /path/to/.sabnzbd/admin/server.cert cp /etc/letsencrypt/live/yourdomain.example.com/privkey.pem /path/to/.sabnzbd/admin/server.key /etc/init.d/sabnzbdplus restart
le-renew-standalone, all of these commands were covered in my earlier post about SABnzbd+ and Let’s Encrypt.
Now we just need to add
sabnzbd-renew-ssl to the cron so that it will run weekly and make sure our SSL certs are renewed.
sudo crontab -e
Add this line to the crontab (borrowed again from Erika):
30 2 * * 1 /usr/local/sbin/sabnzbd-renew-ssl
My next goal is to get Let’s Encrypt set up and automated with Sonarr, but it doesn’t look like it will be as easy since we’ll have to convert cert formats.
Disclaimer: This is what worked for me, and I’m just using this as a brain dump. I’m not a network security expert, so don’t do anything I say.