--- /dev/null
+#!/bin/bash
+# Copyright (C) 2016 Ian Kelling
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+source ~/.bashrc
+
+if [[ ! -e /dev/shm/iank-status ]]; then
+ exit 0
+fi
+eval $(< /dev/shm/iank-status)
+
+if [[ $HOSTNAME != "$MAIL_HOST" || $HOST2 && $HOST2 != "$HOSTNAME" ]]; then
+ exit 0
+fi
+
+lock_file=/tmp/check-lets-encrypt-ssl-settings
+if [[ -e $lock_file ]]; then
+ exit 0
+fi
+
+d=/a/opt/certbot
+gitget https://github.com/certbot/certbot.git $d |& ts "%F %T" >>/tmp/${0##*/}.log
+cd $d
+
+f=certbot-apache/certbot_apache/_internal/tls_configs/current-options-ssl-apache.conf
+out=$(git log -p --since 2020-04-06 $f)
+
+if [[ $out ]]; then
+ cat <<EOF
+Let's encrypt has new ssl settings.
+1. edit mail-setup and web-conf
+2. Update servers
+3. edit the date in $0
+4. rm $lock_file
+The change is:
+$out
+EOF
+ touch $lock_file
+fi