Certbot: auto-renew LetsEncrypt certificate on cron

Certificates renewal can be difficult to automate leading to errors that will mark the website as “Insecure”.

Here’s how to automate certificate renewal on CentOS 7 with nginx as webserver:

su -
(root password)
crontab -e

And then add to the crontab these lines pressing A to edit:

37 02 * * * /usr/local/sbin/certbot-auto renew
39 02 * * * /usr/bin/systemctl reload nginx

Every day at 02.37 the certificate will be asked for renewal. Two minutes later nginx will be restarted.

After you’ve typed these lines, type:

:wq

To write and quit. You’ll get this message:

crontab: installing new crontab

Other Linux distributions

If you’re using a different Linux OS you can locate certbot-auto using the following command:

whereis certbot-auto

And then you can use it on the crontab.

You’ve also to use the alternative of systemctl for your system to refresh the certificates on the webserver.

If you’ve to do get your first certificate, here you can get more information about how to install free Let’s Encrypt certificates on nginx.

When auto-renew certificates

Since certificates lasts for about three months, you can tell crontab to run this every week instead every day.

To do so, change the lines on crontab like this:

37 02 * * 0 /usr/local/sbin/certbot-auto renew
39 02 * * 0 /usr/bin/systemctl reload nginx

Adding the 0 on the 5th position will tell crontab to run the command every Sunday at 2 AM (2nd position) and 37 minutes (1st position).

If you find this syntax difficult you can use crontab.guru to easily generate the crontab.

Advertisements

One thought on “Certbot: auto-renew LetsEncrypt certificate on cron

  1. Pingback: Free SSL certificates and how to install on nginx in 10 steps | chirale

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s