Script to push SSL certs to other devices on renewal?

SYSTEM INFORMATION
OS type and version Debian Linux 12
Virtualmin version 7.30.8 Pro

I am using a wildcard cert for my main domain on several other devices in my home, such that when my Virtualmin server updates the cert via LetsEncrypt, it calls a script to run two sub-scripts, which each target a specific device.

The script I have in Virtualmin is:

#!/bin/sh
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi

I know the two sub-scripts it calls work when I run them individually, and the main script (above) works when I comment out the “if” statements and run it manually.

It looks like I’m having trouble with properly triggering the script on SSL Renewal - can I get verification my script is correct?

The script looks OK, to me.

I would suspect something is missing from the environment that makes your called scripts not work. Try checking the Webmin action log (in /var/webmin/webmin.log) and maybe adding some logging of your own to see what’s happening.

First make sure the if logic is sound:

#!/bin/sh
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
        echo "We made it!" >> /root/cert-copy.log
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi

Then if that shows up in that file, redirect the output of those commands to the log (assuming they have output, if they don’t, add some). You need to just step through your assumptions, since one of them is wrong. I don’t think your logic related to when to run is wrong, but you should prove it before you start looking for what is wrong.

This is my updated script, with testing calls:

#!/bin/sh
echo  `date` " - Parent Script called successfully" >> /root/scripts/scriptlog.txt
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
        echo  `date` " - Parent script conditions met" >> /root/scripts/scriptlog.txt
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi
echo  `date` " - Parent Script completed successfully" >> /root/scripts/scriptlog.txt

So it will log if it’s called by Virtualmin, and it will also log if the conditions are met, and when it ends (so I can see what’s between, if needed).

The pihole-certs.sh also logs to the same file, so there’s that. The deploy_freenas.py is in Python which I’m not as familiar with, but hopefully if everything else runs, this one will too, and I can just check my TrueNAS to see if the cert updated.

Gonna wait a day before I renew my SSL Cert, so I’m not spamming the servers and lock myself out.

EDIT: I got a print statement to work in deploy_freenas.py, so I can see exactly what’s being called when.

Before I did my test this morning, I added more output to the script to track where the failure is. The new script is:

#!/bin/sh
echo `date` " - Parent Script called successfully"
echo `date` " - Parent Script called successfully" >> /root/scripts/scriptlog.txt
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    echo "SSL Condition Passed" >> /root/scripts/scriptlog.txt
    if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
        echo "Domain Condition Passed" >> /root/scripts/scriptlog.txt
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi
echo `date` " - Parent Script ended successfully" >> /root/scripts/scriptlog.txt
echo "===" >> /root/scripts/scriptlog.txt

The output from renewing the cert in Virtualmin is:

Thu Jun 26 08:45:22 EDT 2025  - Parent Script called successfully
SSL Condition Passed
Thu Jun 26 08:45:22 EDT 2025  - Parent Script ended successfully
===

So it looks like the SSL part is working, it’s failing on recognizing aiskon.net as the domain / server that the action is called on.

Why not just echo $VIRTUALSERVER_DOM to see what it contains? Perhaps echoing quotes around it to identify if the variable is empty.

Good idea - Updated script:

#!/bin/sh
echo `date` " - Parent Script called successfully"
echo `date` " - Parent Script called successfully" >> /root/scripts/scriptlog.txt
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    echo "SSL Condition Passed" >> /root/scripts/scriptlog.txt
    echo "$VIRTUALSERVER_DOM" >> /root/scripts/scriptlog.txt
    if ["$VIRTUALSERVER_DOM" = "aiskon.net"]; then
        echo "Domain Condition Passed" >> /root/scripts/scriptlog.txt
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi
echo `date` " - Parent Script ended successfully" >> /root/scripts/scriptlog.txt
echo "===" >> /root/scripts/scriptlog.txt

This is the output:

Thu Jun 26 11:17:21 EDT 2025  - Parent Script called successfully
SSL Condition Passed
aiskon.net
Thu Jun 26 11:17:21 EDT 2025  - Parent Script ended successfully
===

So it’s the right domain, but it’s not triggering the next part of the script, it seems.

It needs spaces around [ ] to recognize it properly, i.e.:

if [ "$VIRTUALSERVER_DOM" = "aiskon.net" ]; then
...

I had JUST noticed this when you posted - that fixed it!

Thu Jun 26 12:02:16 EDT 2025  - Parent Script called successfully
SSL Condition Passed
aiskon.net
Domain Condition Passed
deploy_frerenas called successfully.
Thu Jun 26 12:02:36 EDT 2025  - PiHole script called successfully
Thu Jun 26 12:02:36 EDT 2025  - Parent Script ended successfully

So the working script, without the troubleshooting code, is:

#!/bin/sh
if [ "$VIRTUALSERVER_ACTION" = "SSL_DOMAIN" ]; then
    if [ "$VIRTUALSERVER_DOM" = "aiskon.net" ]; then
        /root/scripts/deploy-freenas/deploy_freenas.py
        /root/scripts/pihole-certs.sh
    fi
fi

Thank you for the assist!

You’re welcome!
