Download a Certificate
Run:
sslmate download HOSTNAME
The following files will be downloaded to the configured certificate directory, overwriting existing files with the same names:
- example.com.crt - the certificate
- example.com.chain.crt - the certificate chain (aka intermediate cert)
- example.com.chained.crt - a concatenation of the certificate and the chain, for convenience
To download more than one certificate at once, specify multiple names on the command line to sslmate download. Pass the --all option in lieu of hostnames to download the certificate for every key in your key directory.
Normally, you do not need to run sslmate download because sslmate buy downloads these files automatically. Instead, sslmate download is intended to be placed in a cron job or a configuration management script to ensure that your servers always have the most up-to-date copy of your certificates. Thus, you can set your certificates to automatically renew and the renewed certificates will automatically propagate to your servers.
Exit Status
sslmate download exits with one of the following status codes:
- 0 - new certificate files were downloaded
- 10 - the current certificate files are up-to-date
- other - an error occurred
You can use this exit status in your script to determine whether to restart services that use the certificate.
Example Cron Job
The following script could be placed in a file in /etc/cron.daily (make sure the script is executable):
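#!/bin/sh
# Exit status 0 means new certificate files were downloaded; status 10
# (already up-to-date) and errors both skip the restart.
if sslmate download --all > /dev/null
then
    service apache2 restart > /dev/null
fi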
Every day, this script will attempt to download new certificates for every key in your key directory. If new certificates are downloaded, Apache will be restarted. For this to work, Apache must refer to the certificate files with their standard names in the SSLMate certificate directory (/etc/sslmate by default).
To run sslmate download from a cron job, you must have a /etc/sslmate.conf configuration file containing your SSLMate API credentials. Note that sslmate might not read your /root/.sslmate file when run from cron, although you can force it to do so by adding export SSLMATE_CONFIG=/root/.sslmate to the beginning of your script.
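An added example (not part of the SSLMate documentation) of a cron script that acts on each of the exit statuses listed above separately, so that a failed download is reported and returns a non-zero status instead of being handled like the up-to-date case. The SSLMATE_BIN and RELOAD_CMD override variables and the messages are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not SSLMate's own script. SSLMATE_BIN, RELOAD_CMD and the
# messages are assumptions made for this illustration.
SSLMATE_BIN="${SSLMATE_BIN:-sslmate}"
RELOAD_CMD="${RELOAD_CMD:-service apache2 restart}"

# Map an exit status of `sslmate download` to updated | current | error.
classify_status() {
    case "$1" in
        0)  echo updated ;;   # new certificate files were downloaded
        10) echo current ;;   # certificate files are already up-to-date
        *)  echo error ;;     # any other status is an error
    esac
}

# Download all certificates; restart only when new files arrived.
# Returns 0 on success, 1 if the download failed, 2 if the restart failed.
refresh_certs() {
    status=0
    "$SSLMATE_BIN" download --all > /dev/null || status=$?
    case "$(classify_status "$status")" in
        updated)
            if ! $RELOAD_CMD > /dev/null; then
                echo "new certificates downloaded but restart failed" >&2
                return 2
            fi
            ;;
        current)
            ;;
        error)
            # Written to stderr so cron mails it; an unnoticed failure here
            # ends with an expired certificate being served.
            echo "sslmate download failed with exit status $status" >&2
            return 1
            ;;
    esac
    return 0
}

# Entry point for the cron job.
if command -v "$SSLMATE_BIN" > /dev/null 2>&1; then
    refresh_certs
else
    echo "$SSLMATE_BIN not found; certificates were not checked" >&2
fi
```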