I’ve been automating SSL renewals for almost as long as I’ve been deploying them. For the most part, it is very smooth and easy to do (thanks mostly to certbot and the hard work over at Let’s Encrypt). The trouble comes up with non-publicly addressable servers and other custom setups. Cough cough... UniFi... cough cough.
I recently discovered a tool that makes all those complicated setups as easy as the original certbot installs. acme.sh is that tool. Two lines! Not since screen have I regretted any time I spent not using such a tool.
./acme.sh --renew -d "unifi.domain.com"
./acme.sh --deploy -d "unifi.domain.com" --deploy-hook unifi
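
A cron-friendly wrapper around the two commands above, as an added example that is not part of the original post: it runs the deploy hook only when acme.sh actually issued a new certificate, and fails loudly otherwise. The `ACME_SH` default path and the function name `renew_and_deploy` are assumptions; exit status 2 is acme.sh's "renewal not due, skipped" code.

```shell
#!/bin/sh
# Added example (not from the original post): renew, then deploy to UniFi
# only if a new certificate was issued.
# Assumption: acme.sh lives in its default install location.
ACME_SH="${ACME_SH:-$HOME/.acme.sh/acme.sh}"

# renew_and_deploy DOMAIN
# Returns 0 when a new cert was deployed or renewal was not yet due,
# 1 when renew or deploy failed, 64 when DOMAIN is not a plain hostname.
renew_and_deploy() {
    domain="$1"
    # Refuse empty values, option-like strings and odd characters before
    # they reach a command line that typically runs from root's crontab.
    case "$domain" in
        ""|-*|*[!A-Za-z0-9.-]*)
            echo "invalid domain: $domain" >&2
            return 64 ;;
    esac

    # Capture the status explicitly so the script also behaves under `set -e`.
    rc=0
    "$ACME_SH" --renew -d "$domain" || rc=$?
    case "$rc" in
        0) ;;  # new certificate issued, continue to deploy
        2) echo "$domain: renewal not due, deploy skipped"
           return 0 ;;  # acme.sh RENEW_SKIP
        *) echo "$domain: renew failed (rc=$rc)" >&2
           return 1 ;;
    esac

    # Only touch the controller when there is a new certificate to install.
    if ! "$ACME_SH" --deploy -d "$domain" --deploy-hook unifi; then
        echo "$domain: deploy failed, controller still has the old cert" >&2
        return 1
    fi
    echo "$domain: renewed and deployed"
}

# Run directly as: ./renew-unifi.sh unifi.domain.com
if [ "$#" -gt 0 ]; then
    renew_and_deploy "$1"
fi
```

A non-zero exit makes cron mail the error output, so a failed renewal is noticed before the certificate expires.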