Automating Let’s Encrypt certificate renewal with cron

Let’s Encrypt allows you to install free SSL certificates on your site. The certificates expire after 3 months and need to be renewed to avoid certificate errors.

Depending on how you install Let’s Encrypt, and once you configure the certificates on the site, you will want to set up automatic renewal so you don’t have to manually check and renew.

You can set up automated renewals using the cron scheduling tool on Linux with the following steps:

1. Switch to the root user:
sudo su -

2. Edit the crontab file:
crontab -e

3. Add the following line:
00 9 * * 6 /etc/letsencrypt/.certbot-auto renew --no-random-sleep-on-renew --renew-hook '/sbin/service httpd restart' > /var/log/cert_renew.log 2>&1

Let’s break down the entry to see what some of the elements mean:

00 9 * * 6
This is the schedule part: the job runs every Saturday (day 6) at 9:00am.

/etc/letsencrypt/.certbot-auto renew --no-random-sleep-on-renew
This executes the renew command and disables the random sleep delay that is otherwise added when the command runs in non-interactive (no user input) mode.

--renew-hook '/sbin/service httpd restart'
The renew hook runs a command upon certificate renewal, that is, only if the certificate or certificates were expired and had to be renewed.

> /var/log/cert_renew.log 2>&1
Finally, we redirect the output of the command, both stdout and stderr, to the /var/log/cert_renew.log file.

You can also use a similar line for testing the command. The line below uses the "--force-renewal" flag, which renews all certificates even if they are not expired yet:

51 21 * * * /etc/letsencrypt/.certbot-auto renew --force-renewal --no-random-sleep-on-renew --renew-hook '/sbin/service httpd restart' > /var/log/cert_renew.log 2>&1
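The crontab entries above only work when their dashes and quotes are plain ASCII, and the test entry should not stay scheduled once testing is done. As an added example (not part of the original post), this shell function lints a single crontab line for those problems; the name lint_cron_line is hypothetical, and it accepts numeric schedule fields only.

```shell
#!/bin/sh
# Added example: lint one crontab line before installing it.
# Prints each finding and returns the number of findings (0 = clean).
lint_cron_line() {
    lc_line=$1
    lc_problems=0

    # Typographic dashes/quotes copied from web pages are not shell syntax:
    # "–no-random-sleep-on-renew" reaches certbot as a stray argument.
    case $lc_line in
        *–*|*—*|*‘*|*’*|*“*|*”*)
            echo "typographic dash or quote; retype as -- and '"
            lc_problems=$((lc_problems + 1)) ;;
    esac

    # Split into words without expanding the "*" schedule fields.
    set -f; set -- $lc_line; set +f
    if [ "$#" -lt 6 ]; then
        echo "expected 5 schedule fields followed by a command"
        lc_problems=$((lc_problems + 1))
    else
        # Numeric fields only: names such as "sat" are flagged too.
        for lc_field in "$1" "$2" "$3" "$4" "$5"; do
            case $lc_field in
                *[!0-9*/,-]*)
                    echo "bad schedule field: $lc_field"
                    lc_problems=$((lc_problems + 1)) ;;
            esac
        done
    fi

    # The test flag renews on every run; it should not stay scheduled.
    case $lc_line in
        *force-renewal*)
            echo "force-renewal present; remove after testing"
            lc_problems=$((lc_problems + 1)) ;;
    esac
    return "$lc_problems"
}

# Constructed sample: the weekly entry with ASCII dashes and quotes.
GOOD="00 9 * * 6 /etc/letsencrypt/.certbot-auto renew --no-random-sleep-on-renew --renew-hook '/sbin/service httpd restart' > /var/log/cert_renew.log 2>&1"
lint_cron_line "$GOOD" && echo "clean"
```

Run it against each line you are about to paste into `crontab -e`; a non-zero return status is the number of findings.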
