Skip to main content

LetsEncrypt Auto Renew

Posted by NickJ on Sun, 01/28/2018

Is there a way to auto-renew the SSL certs from Let's Encrypt before they expire?
Nick


Submitted by matthewmalk248 on Tue, 01/30/2018 Permalink

They auto-renew by default (at least mine do). Last time cut it kind of close though. It seemed to wait until there was only 2 days left before it renewed.

Submitted by eeman on Wed, 02/07/2018 Permalink

they do not do it correctly though, if you use nagios to check your certificate you will see that however thirdlane is renewing the cert, its not actually reissuing and will report that its still expired, even though browsers seem to be OK with it.

I changed my /etc/nginx/conf.d/https/server/ssl_cert.conf entries to

ssl_certificate /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/privkey.pem;

now I just have to:
# service nginx stop
# ./certbot-auto renew
# service nginx renew

this could easily be scripted into a cron job. If I could figure out how to get webmin to show files from DocumentRoot without authentication I could do it with the --webroot engine of certbot and not even have to stop nginx while doing it.