3 posts / 0 new
Last post
NickJ's picture
Joined: 2017/05/04
Points: 20

Is there a way to auto-renew the SSL certs from Let's Encrypt before they expire?

matthewmalk248's picture
Joined: 2015/08/09
Points: 30

They auto-renew by default (at least mine do). Last time cut it kind of close though. It seemed to wait until there was only 2 days left before it renewed.

eeman's picture
Joined: 2007/11/06
Points: 220

they do not do it correctly though, if you use nagios to check your certificate you will see that however thirdlane is renewing the cert, its not actually reissuing and will report that its still expired, even though browsers seem to be OK with it.

I changed my /etc/nginx/conf.d/https/server/ssl_cert.conf entries to

ssl_certificate /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/privkey.pem;

now I just have to:
# service nginx stop
# ./certbot-auto renew
# service nginx renew

this could easily be scripted into a cron job. If I could figure out how to get webmin to show files from DocumentRoot without authentication I could do it with the --webroot engine of certbot and not even have to stop nginx while doing it.

Erik Smith
Thirdlane/Asterisk Support available