From e962fe91899c169525ea015d702135f0ba10b0e3 Mon Sep 17 00:00:00 2001
From: Christian Hesse <mail@eworm.de>
Date: Fri, 27 Mar 2020 21:41:18 +0100
Subject: add doc/check-certificates.md

---
 doc/check-certificates.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)
 create mode 100644 doc/check-certificates.md

(limited to 'doc')

diff --git a/doc/check-certificates.md b/doc/check-certificates.md
new file mode 100644
index 0000000..51ecd14
--- /dev/null
+++ b/doc/check-certificates.md
@@ -0,0 +1,52 @@
+Renew certificates and notify on expiration
+===========================================
+
+[◀ Go back to main README](../README.md)
+
+Description
+-----------
+
+This script tries to download and renew certificates, then notifies about
+certificates that are still about to expire.
+
+Requirements and installation
+-----------------------------
+
+Just install the script:
+
+    $ScriptInstallUpdate check-certificates;
+
+Configuration
+-------------
+
+The expiry notifications just require notification settings for e-mail and
+telegram.
+
+For automatic download and renewal of certificates you need configuration
+in `global-config-overlay`, these are the parameters:
+
+* `CertRenewPass`: an array of passphrases to try
+* `CertRenewUrl`: the url to download certificates from
+
+Certificates on the web server should be named `CN.pem` (`PEM` format) or
+`CN.p12` (`PKCS#12` format).
+
+Usage and invocation
+--------------------
+
+Just run the script:
+
+    / system script run check-certificates;
+
+... or create a scheduler for periodic execution:
+
+    / system scheduler add interval=1d name=check-certificates on-event="/ system script run check-certificates;" start-time=startup;
+
+See also
+--------
+
+* [Renew locally issued certificates](certificate-renew-issued.md)
+
+---
+[◀ Go back to main README](../README.md)  
+[▲ Go back to top](#top)
-- 
cgit v1.2.3-54-g00ecf