September 5, 2020

Configuring Auto Renewing Let's Encrypt SSL

Let the certificate renew automatically, so that nobody, server admin or not, has to log in to the server to renew the certs by hand.

The renewal is run by cron, and you create the cron job yourself.

Follow these steps:

For nginx

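Create the cron file.

$ sudo vi /etc/cron.d/certbot

Then enter the script below. The job only proceeds when /usr/bin/certbot is executable and /run/systemd/system does not exist (that is, the host is not running systemd), and it sleeps a random time of up to 12 hours before renewing: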

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

For apache2

Download the certbot-auto script and make it executable:

$ wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

Move the script to /etc/letsencrypt/:

$ sudo mv certbot-auto /etc/letsencrypt/

Create the cron file.

$ sudo vi /etc/cron.d/certbot

Then enter the script:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

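0 */12 * * * root cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart

This will run the renew process twice daily as root and restart Apache each time the renew command exits successfully. The user name (root) after the schedule is required in files under /etc/cron.d.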
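A check for the cron files created above, as an added example that is not part of the original post: files in /etc/cron.d need a user column between the schedule and the command, and this script flags job lines where that column is missing or names no local account. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Files in /etc/cron.d need a user
# column between the schedule and the command (per-user crontabs do not).
# check_cron_d and write_samples are hypothetical names.

check_cron_d() {    # prints one line per bad job; returns 1 if any was found
    file=$1; bad=0; n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        line=${line#"${line%%[![:space:]]*}"}   # trim leading whitespace
        case "$line" in
            ''|'#'*) continue ;;                # blank line or comment
            [A-Za-z_]*=*) continue ;;           # NAME=value environment line
        esac
        set -f; set -- $line; set +f            # split into fields, no globbing of '*'
        case "$1" in
            @*) user=${2:-} ;;                  # @daily style: user is field 2
            *)  user=${6:-} ;;                  # five time fields, then the user
        esac
        if [ -z "$user" ] || ! id -u -- "$user" >/dev/null 2>&1; then
            echo "$file:$n: '$user' is not a local user; is the user column missing?"
            bad=$((bad + 1))
        fi
    done < "$file"
    [ "$bad" -eq 0 ]
}

write_samples() {   # constructed sample files for the check above
    dir=$1
    cat > "$dir/with-user" <<'EOF'
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

# schedule    user  command
0 */12 * * *  root  certbot -q renew
@daily        root  certbot -q renew
EOF
    cat > "$dir/no-user" <<'EOF'
SHELL=/bin/sh
0 */12 * * * cd /etc/letsencrypt/ && ./certbot-auto renew
EOF
}

# Lint the files named on the command line, e.g. /etc/cron.d/certbot
for f in "$@"; do check_cron_d "$f" || true; done
```

Without a user column cron reads the first word of the command as the account name, so the job never runs and the certificate expires without any renewal attempt.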
