bash
5 lines · 1 tab
Kai Nakamura
Apr 2026
1 tab
#!/usr/bin/env bash
set -euo pipefail
certbot renew --quiet --deploy-hook "systemctl reload nginx"
openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/fullchain.pem
1 file · bash
Explain with highlit
Certificate expiry outages are avoidable with boring automation and good alerting. I use automatic renewal, post-renew validation hooks, and external checks that warn well before expiry. TLS is not finished once the first certificate works.
Share this code
Here's the card — post it anywhere.