September 5, 2020

Configuring Auto Renewing Let's Encrypt SSL


Allow the certificate to renew automatically, so that you, as the server admin, don't have to log in to the server to renew all your certs.

The renewal is run by cron, using a cron file that you create.

The steps are as follows:

For nginx

Create cron file.

$ sudo vi /etc/cron.d/certbot

and then enter the script:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew

For apache2

Download the certbot-auto script and make it executable.

$ wget https://dl.eff.org/certbot-auto && chmod a+x certbot-auto

Move the certbot-auto script to /etc/letsencrypt/.

$ sudo mv certbot-auto /etc/letsencrypt/

Create cron file.

$ sudo vi /etc/cron.d/certbot

and then enter the script:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root cd /etc/letsencrypt/ && ./certbot-auto renew && /etc/init.d/apache2 restart

This will run the renew process twice daily.
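Files in /etc/cron.d use the system crontab format, which puts a user name between the five schedule fields and the command. The check below is an added example, not part of the original post (the function name crond_lint is hypothetical); it flags job lines whose user field is missing or invalid, and cron files that group or others can write to.

```shell
#!/bin/sh
# Added example (not from the original post): lint a system-crontab file such
# as /etc/cron.d/certbot. Job lines there must read
#   minute hour day-of-month month day-of-week USER command...
# Usage: crond_lint FILE
# Prints one line per problem; returns 0 if the file is clean, 1 otherwise.
crond_lint() {
    file=$1 status=0 n=0
    # A root-run cron file that group or others can write lets them run code as root.
    if [ -n "$(find "$file" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "$file: writable by group or others"; status=1
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        set -f; set -- $line; set +f        # split on whitespace without globbing '*'
        case ${1-}${2-} in
            ''|'#'*) continue ;;            # blank line or comment
            [A-Za-z_]*=*) continue ;;       # environment setting, e.g. SHELL=/bin/sh
            @*) user=${2-} cmd=${3-} ;;     # @reboot, @daily, ...: one schedule field
            *)  user=${6-} cmd=${7-} ;;     # five schedule fields
        esac
        if [ -z "$cmd" ]; then
            echo "$file:$n: too few fields (schedule, user, command expected)"; status=1
        elif ! id -u "$user" >/dev/null 2>&1; then
            echo "$file:$n: '$user' is not a user; user field missing?"; status=1
        fi
    done < "$file"
    return $status
}
```
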
