Certificate renewal can be difficult to automate, and a missed renewal will get the website marked as “Insecure”.
Here’s how to automate certificate renewal on CentOS 7 with nginx as the web server:
su -
(root password)
crontab -e
Then press A to start editing and add these lines to the crontab:
37 02 * * * /usr/local/sbin/certbot-auto renew
39 02 * * * /usr/bin/systemctl reload nginx
Every day at 02:37 a renewal of the certificate will be attempted. Two minutes later nginx will be reloaded.
After you’ve typed these lines, type:
To write and quit. You’ll get this message:
crontab: installing new crontab
Other Linux distributions
If you’re using a different Linux OS you can locate certbot-auto using the following command:
You can then use that path in the crontab.
You also have to use your system’s equivalent of systemctl to reload the web server so that it picks up the renewed certificates.
If you still have to get your first certificate, here you can get more information about how to install free Let’s Encrypt certificates on nginx.
When to auto-renew certificates
Since certificates last for about three months, you can tell crontab to run this every week instead of every day.
To do so, change the lines on crontab like this:
37 02 * * 0 /usr/local/sbin/certbot-auto renew
39 02 * * 0 /usr/bin/systemctl reload nginx
Putting a 0 in the 5th position tells crontab to run the command every Sunday, at 2 AM (2nd position) and 37 minutes (1st position).
If you find this syntax difficult you can use crontab.guru to easily generate the crontab.
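The two crontab entries above reload nginx two minutes after the renewal starts, whether or not the renewal has finished or succeeded. The script below is an added example, not part of the original article: it chains the same two commands in one job, checks the configuration with nginx -t before reloading, and returns a distinct non-zero status for each failure. The nginx binary path, the script's install path and the function name are assumptions.

```shell
#!/bin/sh
# Added example, not from the original article: renew, check, then reload.
# CERTBOT and SYSTEMCTL use the paths from the article's crontab.
CERTBOT="${CERTBOT:-/usr/local/sbin/certbot-auto}"
NGINX="${NGINX:-/usr/sbin/nginx}"   # assumption: adjust for your system
SYSTEMCTL="${SYSTEMCTL:-/usr/bin/systemctl}"

renew_and_reload() {
    # Step 1: attempt the renewal and wait for it to finish.
    if ! "$CERTBOT" renew --quiet; then
        echo "renew-and-reload: certificate renewal failed" >&2
        return 1
    fi
    # Step 2: refuse to reload a configuration nginx cannot parse.
    if ! "$NGINX" -t >/dev/null 2>&1; then
        echo "renew-and-reload: nginx -t failed, not reloading" >&2
        return 2
    fi
    # Step 3: reload so nginx picks up the certificate files on disk.
    if ! "$SYSTEMCTL" reload nginx; then
        echo "renew-and-reload: nginx reload failed" >&2
        return 3
    fi
    return 0
}

# Runs only when called with --run, for example from one crontab entry:
#   37 02 * * 0 /bin/sh /usr/local/sbin/renew-and-reload.sh --run
# (hypothetical install path). The script is silent on success, so any
# output cron mails to the crontab owner means a step failed.
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
    exit $?
fi
```
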