Skip to content

Add a Let's Encrypt SSL cert renewal script and cronjob #173

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 28 commits into from
Jul 27, 2025
Merged

Add a Let's Encrypt SSL cert renewal script and cronjob #173

merged 28 commits into from
Jul 27, 2025

Conversation

jhodapp
Copy link
Member

@jhodapp jhodapp commented Jul 25, 2025
edited
Loading

Description

This PR adds a Let's Encrypt SSL cert renewal script, installs it into the deployment process, and sets up a cronjob to run this script twice a day.

GitHub Issue: N/A

Changes

  • Adds a Let's Encrypt SSL cert renewal script called renew-cert.sh
  • Adds it to deploy_to_do.yml deployment script to install on the DO droplet
  • Adds a new cronjob to run this script every 12 hours

Testing Strategy

  1. Test the deployment updates by changing the production env var BACKEND_IMAGE_NAME to ghcr.io/refactor-group/refactor-platform-rs/improve_lets_encrypt_ssl_cert_renewal:latest

  2. Kick off a deployment from GitHub Actions making sure to deploy with the branch improve_lets_encrypt_ssl_cert_renewal

  3. Test the renewal script in dry-run mode (won't actually renew, just checks):
    sudo certbot renew --webroot -w ./nginx/html --dry-run

  4. If that works, test your actual renewal script:
    ./nginx/scripts/renew-certs.sh

  5. Check that the log file was created:
    cat nginx/logs/letsencrypt-renewal.log

  6. Verify nginx is still running and serving your site:

docker ps | grep nginx
curl -I https://refactor.engineer
  1. Make sure to change the production env var BACKEND_IMAGE_NAME back to ghcr.io/refactor-group/refactor-platform-rs/main:latest

Concerns

None

@jhodapp jhodapp added this to the 1.0.0-beta2 milestone Jul 25, 2025
@jhodapp jhodapp self-assigned this Jul 25, 2025
@jhodapp jhodapp added enhancement Improves existing functionality or feature infrastructure DevOps related labels Jul 25, 2025
@jhodapp jhodapp moved this to 🏗 In progress in Refactor Coaching Platform Jul 25, 2025
@jhodapp jhodapp marked this pull request as ready for review July 27, 2025 22:02
@jhodapp
Copy link
Member Author

jhodapp commented Jul 27, 2025

Bypassing PR review rules since this is a timely fix to land and Claude gave a helpful an comprehensive PR review of with suggestions implemented.

@jhodapp jhodapp merged commit 58b654e into main Jul 27, 2025
5 of 9 checks passed
@jhodapp jhodapp deleted the improve_lets_encrypt_ssl_cert_renewal branch July 27, 2025 22:03
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Refactor Coaching Platform Jul 27, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@jhodapp jhodapp

Labels
enhancement Improves existing functionality or feature infrastructure DevOps related
Projects
Refactor Coaching Platform
Status: ✅ Done
Milestone
1.0.0-beta2
Development

Successfully merging this pull request may close these issues.
1 participant
@jhodapp