Auto Renew Let’s Encrypt Certificates using Certbot

Let’s encrypt SSL certificates are issued for 90 days by default. After 90 days, you need to renew your SSL certificate. You can renew your Let’s Encrypt SSL certificate before 30 days of expiration. Renewal can be done manually or via cron job.

This simple tutorial will help you to auto-renew Let’s Encrypt SSL certificates automatically for an Apache server. Your crontab script will handle certificate renewal well before expiration of your SSL certificate.

How to Renew Let’s Encrypt SSL Certificate

Certbot command-line utility provides users the option to renew SSL certificates before expiration.

Before performing the actual renewal, you can perform a dry run to verify that certbot is going to work properly. In order to verify, run the following command in the terminal:

sudo certbot renew --dry-run

Follow instructions shown on the screen to verify the renewal.  On successful execution of the above command you can run the following command to renew all the certificates.

sudo certbot renew

The above command will renew all the SSL certificates pending renewal.

Configure Auto-Renew Let’s Encrypt Certificates

In the previous step, we verified that certbot was working properly.

In the next step, we can configure the certbot command in the crontab, to be run on certain intervals. In our example we will  configure our cron job script to be run once a day.

Edit crontab with the following command:

crontab -e

Append the following command at end of the file:

# Auto-renew let's encrypt SSL certificates 
0 * * * * sudo certbot renew

Save the file and exit the editor. You are all done.

Conclusion

In this tutorial we have scheduled the certbot to auto-renew Let’s Encrypt SSL certificates before they expire.

Leave a Reply