SSL Renewal
Pipeline
name: ssl-renewdescription: "Renew SSL certificates and reload the web server"steps: - id: renew run: "certbot renew --non-interactive --agree-tos"
- id: verify run: "openssl x509 -in /etc/letsencrypt/live/example.com/fullchain.pem -noout -enddate" depends_on: "renew"
- id: reload run: "nginx -t && systemctl reload nginx" depends_on: "verify"
- id: check run: "curl -sI https://example.com | head -1" depends_on: "reload" retry: 2Concepts demonstrated
- Dependencies — strict linear chain: renew → verify → reload → check
- Retry — final health check retries twice (server may need a moment after reload)
- Output passing — certificate expiry date is captured as
$PIPE_VERIFYfor downstream use