  1. You host apps like the big boys do?
  2. You aren't afraid to take responsibility for your own VPS?
  3. You say "NO" to those childish domains with fancy letters and words like "lookatmydomainname.com", and rather prefer highly enjoyable IP numbers, sexy as Tom Cruise and an old Cadillac?
  4. You don't like setting up SSL and refreshing it over and over again?

    You're in a good spot! Follow along and make SSL certs run on the IP address of your COOLIFY VPS the best way there has always been: SELF-HAND.....reliant....obviously SELF-RELIANT!


How it works?

  • If the cert or key doesn’t exist — it:

    • Creates /etc/ssl/certs/coolify-selfsigned.crt
    • Creates /etc/ssl/private/coolify-selfsigned.key
    • Uses default values for country/state/org (you can customize them if you like)
    • Logs the entire process
    • Emails you that it successfully created the cert

🔁 Renewal (if certs already exist)

  • It:

    • Backs up current cert and key to a timestamped folder
    • Creates a fresh new cert valid for 365 days
    • Replaces the old one
    • Reloads NGINX to apply it
    • Emails you success or failure
    • Logs it all

🧠 Smart Logic

  • Doesn’t break if files are missing — just regenerates them
  • Doesn’t overwrite backups — stores them neatly by date
  • Won’t crash silently — will email you even if NGINX fails to reload

🤖 Auto Mode (via cron)

  • You can schedule it (e.g., every 6 months)
  • Run it by cron or manually: either way it does the same full check + create + backup + renew process
  • You don’t need to do anything — take your mama out for pizza, smash buttons or do whatever the hell you want


🧪SETUP

you don't ask...You COMMAND!

Open with nano:

sudo nano /usr/local/bin/renew-coolify-cert-auto.sh

Paste the script and save it:

#!/bin/bash
# Creates or renews the self-signed cert for Coolify.
# Needs bash ([[ ]] and <<< are bashisms) and must run as root.

CERT_PATH="/etc/ssl/certs/coolify-selfsigned.crt"
KEY_PATH="/etc/ssl/private/coolify-selfsigned.key"
BACKUP_DIR="/etc/ssl/backup-$(date +%F_%H-%M-%S)"
LOG_FILE="/var/log/coolify-cert-renew.log"
ALERT_EMAIL="you@example.com" # <-- CHANGE THIS


{
echo "========== $(date '+%F %T') =========="

# Check if cert/key exist
if [[ ! -f "$CERT_PATH" || ! -f "$KEY_PATH" ]]; then
    echo "[!] Cert or key missing. First-time setup or files deleted."
    echo "[+] Generating new certificate..."
    mkdir -p "$(dirname "$CERT_PATH")" "$(dirname "$KEY_PATH")"
else
    echo "[*] Backing up existing certs to $BACKUP_DIR"
    mkdir -p "$BACKUP_DIR"
    cp "$CERT_PATH" "$BACKUP_DIR/"
    cp "$KEY_PATH" "$BACKUP_DIR/"
fi

# Generate new cert; if openssl fails, report it and stop before touching NGINX
if ! openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
    -keyout "$KEY_PATH" \
    -out "$CERT_PATH" \
    -subj "/C=US/ST=None/L=None/O=SelfSigned/CN=coolify.local"; then
    echo "[X] Certificate generation failed!"
    mail -s "❌ Coolify SSL Renewal Failed" "$ALERT_EMAIL" <<< "ERROR: openssl could not generate the Coolify cert on $(hostname) at $(date). Check it manually."
    exit 1
fi

# Secure the key file
chmod 600 "$KEY_PATH"

# Reload NGINX
echo "[*] Reloading NGINX..."
if systemctl reload nginx; then
    echo "[✓] SSL cert created or renewed successfully."
    mail -s "✅ Coolify SSL Cert Created/Renewed" "$ALERT_EMAIL" <<< "Success: Coolify self-signed cert created or renewed on $(hostname) at $(date)"
else
    echo "[X] NGINX reload failed!"
    mail -s "❌ Coolify SSL Renewal Failed" "$ALERT_EMAIL" <<< "ERROR: Coolify cert was generated but NGINX reload failed on $(hostname) at $(date). Check it manually."
fi

echo "====================================="
} | tee -a "$LOG_FILE"

Make it executable:

sudo chmod +x /usr/local/bin/renew-coolify-cert-auto.sh

Do the test run:

Yea..yeah...I know it violates the "yolo" policy, which is the only correct one, but just do it and tell others you haven't. You're not a goddamn politician to tell the truth at all times ffs

sudo /usr/local/bin/renew-coolify-cert-auto.sh
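
The script above puts coolify.local in the CN and sets no subjectAltName, while a client reaching the VPS by IP matches the address against an IP SAN entry only. As an added example (not part of the original script; the function names and the 203.0.113.10 documentation address are made up for illustration, and -addext assumes OpenSSL 1.1.1 or newer), this builds the pair with an IP SAN in a staging directory, verifies it, and only then swaps it in:

```sh
#!/bin/sh
# Added example, not the post's script. Function names are hypothetical;
# 203.0.113.10 in the usage line is a documentation address.

# True only if the certificate carries an IP subjectAltName equal to $2.
cert_covers_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" 2>/dev/null | grep -q 'does match'
}

# True only if the private key $2 belongs to the certificate $1.
key_matches_cert() {
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_ip_cert <ip> <cert_out> <key_out>
# Generates into a private staging directory, verifies the pair, and only
# then moves it over the live files, so a failed run leaves them untouched.
make_ip_cert() {
  ip=$1; cert_out=$2; key_out=$3
  mkdir -p "$(dirname "$cert_out")" "$(dirname "$key_out")" || return 1
  stage=$(mktemp -d "$(dirname "$key_out")/.stage.XXXXXX") || return 1
  rc=1
  if ( umask 077
       openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
         -keyout "$stage/key" -out "$stage/crt" \
         -subj "/O=SelfSigned/CN=$ip" \
         -addext "subjectAltName=IP:$ip" ) 2>/dev/null \
     && cert_covers_ip "$stage/crt" "$ip" \
     && key_matches_cert "$stage/crt" "$stage/key"
  then
    chmod 600 "$stage/key" && chmod 644 "$stage/crt" \
      && mv "$stage/key" "$key_out" && mv "$stage/crt" "$cert_out" && rc=0
  fi
  rm -rf "$stage"
  return "$rc"
}

# Usage (as root), testing the NGINX config before the reload:
#   make_ip_cert 203.0.113.10 /etc/ssl/certs/coolify-selfsigned.crt \
#     /etc/ssl/private/coolify-selfsigned.key && nginx -t && systemctl reload nginx
```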

🔁 Add Cron (6-month schedule):

sudo crontab -e

Paste:

don't rush it...slowly...be gentle like President Trump on stock markets

0 0 1 1,7 * /usr/local/bin/renew-coolify-cert-auto.sh

🔥CONGRATS! You became a LEGEND running a hardened, hands-off Coolify cert! Bards praise thy name in taverns all over Middle-earth!

...but just in case your ambitions haven't been fulfilled yet... you need more and being a legend is simply not enough for You. Let's be honest - there are a few legends out there already:
...Rocky...Rambo...Cobra...Stallone - being fifth does not satisfy you....
alright...- GEEET TOO THE CHOPPPPA!


Telegram + Discord Alerts Setup (instead of/in addition to Email)

This baby will:

✅ Message your Telegram

✅ Post to Discord channel webhook

✅ Still support email if you so choose
because You are KING. King never MUST. King rightfully DEMANDS for and gets OPTIONS!


🧪 Step 1: Prepare Telegram Bot

  1. In Telegram, search: @BotFather
  2. Type /newbot and follow the prompts to:
    • Name your bot (make sure to give him some love! Call him Renfield, Squire, Elon - whatever)
    • Get your bot token (save it)
  3. Copy the token (looks like 123456789:ABCdefGHI...)
  4. Start a chat with your bot (/start)
  5. Now find your Telegram user ID:
    • Visit this bot: https://t.me/userinfobot
    • It’ll reply with your user ID

🧪 Step 2: Create Discord Webhook

  1. Go to your server settings → Integrations → Webhooks
  2. Click New Webhook
  3. Choose a channel
  4. Copy the Webhook URL

🧠 Step 3: Update the Script

Here’s the updated portion of the script with Telegram + Discord alerts (plus optional email).
Paste it at the bottom of the script, below the line } | tee -a "$LOG_FILE":

# Send Telegram Alert
send_telegram() {
  local MESSAGE="$1"
  local TELEGRAM_TOKEN="YOUR_TELEGRAM_BOT_TOKEN"
  local TELEGRAM_USER_ID="YOUR_TELEGRAM_USER_ID"
  # --data-urlencode keeps spaces, emoji and Markdown characters in the text intact
  curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_TOKEN/sendMessage" \
       -d chat_id="$TELEGRAM_USER_ID" \
       --data-urlencode text="$MESSAGE" \
       -d parse_mode="Markdown"
}

# Send Discord Alert
send_discord() {
  local MESSAGE="$1"
  local DISCORD_WEBHOOK_URL="YOUR_DISCORD_WEBHOOK_URL"
  # MESSAGE is placed into the JSON as-is, so it must not contain
  # double quotes, backslashes or newlines
  curl -s -H "Content-Type: application/json" \
       -X POST \
       -d "{\"content\": \"$MESSAGE\"}" \
       "$DISCORD_WEBHOOK_URL"
}

# Default alert text (replaced below once the reload result is known)
ALERT_MSG="[*] Coolify SSL Cert was updated on $(hostname) at $(date +'%F %T')"

# Pick the success or failure message.
# Note: this reloads NGINX a second time, after the reload in the main block.
if systemctl reload nginx; then
  ALERT_MSG="✅ *Coolify SSL updated successfully* on \`$(hostname)\` at \`$(date +'%F %T')\`"
else
  ALERT_MSG="❌ *Coolify SSL updated but NGINX reload failed!* on \`$(hostname)\` at \`$(date +'%F %T')\`"
fi

# Send alerts
send_telegram "$ALERT_MSG"
send_discord "$ALERT_MSG"

# Optional Email (still supported)
mail -s "Coolify SSL Update Status" "$ALERT_EMAIL" <<< "$ALERT_MSG"

🔧 Replace placeholders:

or tell Elon to do it - he is very efficient

  • YOUR_TELEGRAM_BOT_TOKEN → Your bot token
  • YOUR_TELEGRAM_USER_ID → From @userinfobot
  • YOUR_DISCORD_WEBHOOK_URL → Your webhook URL
  • (Optional) Change or remove email alert
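
With the token and webhook URL pasted into a script that chmod +x leaves readable by every local user (on a default umask), anyone with a shell on the VPS can post as your bot. An added example, not the post's code: it reads the webhook URL from a root-only file and escapes the message before building the Discord JSON (the path /etc/coolify-cert-alerts.env and the function names are assumptions).

```sh
#!/bin/sh
# Added example, not the post's code. SECRETS_FILE and the function names are
# hypothetical; the file would hold a line like DISCORD_WEBHOOK_URL="...".
SECRETS_FILE="${SECRETS_FILE:-/etc/coolify-cert-alerts.env}"

# True only if the file exists and group/other have no permission bits.
secrets_file_ok() {
  [ -f "$1" ] || return 1
  mode=$(stat -c '%a' "$1") || return 1   # GNU stat: prints e.g. 600
  case "$mode" in
    *00) return 0 ;;
    *)   return 1 ;;
  esac
}

# Make any text safe inside a JSON string: drop stray control characters,
# escape backslash and double quote, turn newlines into \n.
json_escape() {
  printf '%s' "$1" \
    | tr -d '\001-\011\013-\037' \
    | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' \
    | awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

discord_payload() {
  printf '{"content": "%s"}' "$(json_escape "$1")"
}

send_discord_safe() {
  if ! secrets_file_ok "$SECRETS_FILE"; then
    echo "refusing to use $SECRETS_FILE: missing or readable by others" >&2
    return 1
  fi
  . "$SECRETS_FILE"
  # -f makes curl exit non-zero on an HTTP error instead of failing silently
  curl -fsS -H "Content-Type: application/json" \
       -d "$(discord_payload "$1")" "$DISCORD_WEBHOOK_URL" > /dev/null
}
```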

✅ Done!

Try a manual run:

sudo /usr/local/bin/renew-coolify-cert-auto.sh

You should see messages pop up on both Telegram and Discord. 🔔💬


World salutes You!

Surprised Elon takes notes on how it's meant to be made



stay with us Elon!



ALLLLMOST there....



AAAAAND WE GOT A SCORE !!!!


What a fantastic moment for entire humanity and all that thanks to YOU!