Default let’s encrypt SSL certificates are issued for 90 days only. After this, you need to renew your SSL certificates. Let’s encrypt allows the SSL renewal before 30 days of expiration. You can perform the renewal manually or configure auto-renewal using crontab.
This tutorial will help you to auto-renew Let’s Encrypt SSL certificates automatically. The certbot script will take care of certificate renewal before expiration.
How to Renew Let’s Encrypt SSL
Certbot command-line utility provides users the option to renew SSL certificates before expiration.
Before running the actual renewal process, you can do a dry run to verify that certbot is working properly. Run the following command on terminal to verify:
sudo certbot renew --dry-run
On successful execution of the above command. You can run the following command to renew all the certificates by running the following command.
sudo certbot renew
The above command will renew all the SSL certificates pending renewal.
Configure Auto-Renew Let’s Encrypt Certificates
In the previous step, you can verify that certbot is working properly.
Now, you can configure the same command in the crontab, to run it periodically. You can configure this script once a day. Edit crontab with the following command:
crontab -e
Append the following command at end of file:
# Auto-renew let's encrypt SSL certificates 0 * * * * sudo certbot renew
Save the file and close it.
All done.
Wrap Up
You have successfully scheduled the certbot to auto-renew Let’s Encrypt SSL certificates before expiration. Remember that the renewal process also performs domain validations. So take care of it also.
2 Comments
certbot-auto is deprecated, so this instruction is now useless
Hi Rahul, can this also be used in a kubernetes environment? If yes, where should this cronjob be running? Regards, J