Last active
February 16, 2026 14:52
-
-
Save BlackthornYugen/f56d2c2ed7c460fba2e72029e67c345b to your computer and use it in GitHub Desktop.
ESXI Update certificate from URL
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env sh | |
| # ESXI Update certificate from url | |
| # | |
| # 1. Save this script in /opt/update_cert.sh (and chmod +x it) | |
| # | |
| # 2. Add one of these to /var/spool/cron/crontabs/root: | |
| # Debug logging: | |
| # 00 1 * * * sh -x /opt/update_cert.sh https://pem.jsteelkw.dev/$(hostname -f).cer 2>&1 | tee -a /opt/certs.log | |
| # Normal: | |
| # 00 1 * * * /opt/update_cert.sh https://pem.jsteelkw.dev/$(hostname -f).cer | |
| # | |
| # 3. Restart busybox's crond | |
| # kill $(cat /var/run/crond.pid) | |
| # /usr/lib/vmware/busybox/bin/busybox crond | |
| set -e | |
| OLD_CERT=/etc/vmware/ssl/rui.crt | |
| TMP_CERT=$(mktemp) | |
| wget -O "$TMP_CERT" "$1" | |
| if diff $OLD_CERT "$TMP_CERT" > /dev/null ; then | |
| echo "Certificate has not changed" | |
| else | |
| echo "New certificate found. Updating configuration." | |
| AFTER=$(openssl x509 -noout -enddate -in "$TMP_CERT") | |
| cp "$TMP_CERT" "$OLD_CERT" | |
| esxcli system syslog mark --message="Certificate updated. New certificate will expire on ${AFTER##notAfter=}." | |
| /etc/init.d/hostd restart | |
| /etc/init.d/vpxa restart | |
| fi | |
| rm "$TMP_CERT" |
Author
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We stopped using ESXI about two years ago during the Broadcom stuff, so we are using proxmox now.