new better script for renewing
#!/bin/sh
domain="YOUR.DOMAIN.COM"
webserver="nginx" # or pimatic
monit unmonitor $webserver
monit unmonitor $domain
service $webserver stop
# get new agent
cd /opt/letsencrypt
git pull
# get new cert
./letsencrypt-auto -d $domain certonly
if [ $? -ne 0 ]
then
ERRORLOG=`tail /var/log/letsencrypt/letsencrypt.log`
echo -e "The Lets Encrypt Cert has not been renewed! \n \n" $ERRORLOG | mail -s "Lets Encrypt Cert Alert" root
else
echo -e "The Lets Encrypt Cert has been renewed! \n \n" $ERRORLOG | mail -s "Lets Encrypt Cert Info" root
fi
cd /etc/letsencrypt/live/$domain
# convert cert
openssl x509 -outform der -in cert.pem -out cert.crt
openssl x509 -outform der -in fullchain.pem -out fullchain.crt
cat fullchain.pem privkey.pem > fullchain_key.pem
chmod 0700 *
#start server
service $webserver start
monit monitor $webserver
monit monitor $domain