How To Auto Renew Let’s Encrypt SSL Certificates

Auto Renew Let’s Encrypt SSL Certificates

In this tutorial, we will show you how to Auto Renew Let’s Encrypt SSL Certificates on your Linux server. For those of you who didn’t know, Let’s Encrypt is a free open certificate authority (CA) that provides free certificates for websites and other services. The service, which is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai. Unfortunately, LetsEncrypt.org certificates currently have a 3 month lifetime. This means you’ll need to renew your certificate quarterly for now.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple and assumes you are running in the root account, if not you may need to add ‘sudo‘ to the commands to get root privileges.

Let’s Encrypt SSL certificates will get expired after 90 days of installation and you must renew them before it gets expired. If you have installed certificates using certbot then it must have already created a cronjob to auto-renew certificates. For custom installation you can create similar cronjob too. Lets learn how certbot’s auto-renew job works.

Auto Renew Let’s Encrypt SSL Certificates

Step 1. Certbot Renew Command.

Certbot comes with a script to renew existing certificates. You can test the renewal script with a single dry run like below:

sudo certbot renew --dry-run

If above test succeeds then create a cron job that will run this script for configured intervals.

Step 2. Certbot Auto-Renew Cron Job.

When you install certificates using certbot it automatically creates cron job to renew certificates. You can check this cron job depending on your operating system. For example in Debian certbot auto-renew cronjob can be found at /etc/cron.d/certbot:

nano /etc/cron.d/certbot
# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 */12 * * * root test -x /usr/bin/certbot  -a \! -d /run/systemd/system &&  perl -e 'sleep int(rand(43200))' &&  certbot -q renew

Congratulations! You have successfully renewed Let’s Encrypt Certificates. Thanks for using this tutorial for auto-renew Let’s Encrypt SSL Certificates on the Linux system. For additional help or useful information, we recommend you check the official Let’s Encrypt website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get a best deal!