Automatic renewal of a certificate

Help
1

I followed the step 5: https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ to renew my certificate automatically.

I created a renew-certificate.sh in /opt/letsencrypt/scripts:
image

And plan to run this script every 1st day of the month with crontab:
image

My certificate was delivered the 23rd of April 2020 until the 22nd of July 2020.
Nevertheless, we are the 4th of May and I supposed my script didn’t work because the issue date of my certificate didn’t change (still the 23rd of April).

What I understand is my script should run every first day of the month and the issue date of my certificate should change every month. Am I right ?
My script run but the renewal didn’t work ? (My script backupDB.sh works well by the way)

Thank for your explanation.

2

Hi @farang1991

that's wrong. Please renew your certificate after 60 days. That's enough.

Letsencrypt certificates are free to use. But it's not the idea to create new certificates every 30 day.

3

Thanks @JuergenAuer for your reply.
I’m okay to renew it every 2 months and 29 days :sweat_smile:

I understood that crontab could run a script only every minute, hour, day, every week or every month.

So with my configuration, is it because I tryed to renew my certificate too early (before 60 days) or it’s because my script didn’t work ?

4

If you configured your script exactly like the steps on Bitnami, you forgot step 3 completely.
Since you didn’t provide any information regard your domain, I don’t know. (I guess @JuergenAuer won’t know either).

You shouldn’t expect to issue one certificate per a short period of days without any reason, it’s not only excessive waste of resources, but also useless and might be considered abusive. (Remember, even if Let’s Encrypt won’t charge you for that certificate, it still costs Let’s Encrypt to issue one).
Under normal circumstances, you should consider issue one certificate every 60-90 days.
Also, I believe Lego (the client Bitnami used) have the ability to renew certificate, so please don’t bother create new certificates rapidly. You might also hit rate limit pretty quickly.

Your script definitely runs, but I don’t know what should happen after that, as you didn’t provide enough information.

P.S. I’m not a Let’s Encrypt employee, so above opinions are personal.

5

@stevenzhu, I did the step 3, I can reach my website with https//…
My web server is configured with my certificate:

image
image1272×211 9.38 KB

I understand it’s useless to renew a certificate for a short time, I agree with you.
I have already issue a certificate, I don’t want to issue a new, I want to renew it. How can I configure crontab to renew it every 60 days ?

6

If you followed step 5 on that document and did all things correctly, that script should be executable. However, Lego (the client you used) won't force renew that certificate every day. Instead, it will check the certificate every day when you execute that script, and renew only when it's close to expiry (generally 30 days left).

7

okay thank you @stevenzhu, I didn’t know lego doesn’t renew a certificate if the expiration date is more than 30 days left.
So I guess I have to wait until 1st of July to know it’s working or not :sweat_smile:

8

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.