How Do You Automate Let's Encrypt SSL Renewals for Multiple Domains on a Single Server?

Hi Let's Encrypt Community,

I’m managing a server with multiple domains and want to streamline Let's Encrypt SSL certificate renewals. What’s your approach for automating renewals across several domains?

Details:

  • Setup: Running a VPS with Ubuntu 22.04, Nginx, hosting 5 domains (2025). Using Certbot for Let's Encrypt certificates.
  • Context: Following Let's Encrypt’s docs, I’ve set up certificates for each domain, but manual renewals are time-consuming. Rate limits are a concern.
  • Steps Tried:
    • Used certbot --nginx for initial setup; certificates work but renewals need manual triggers.
    • Set up a cron job for certbot renew, but hit issues with domain-specific configs.
    • Explored Traefik for automation but found it complex for my setup.
  • Goal: Fully automate renewals for all domains with minimal errors and rate limit risks.

Questions:

  • What tools or scripts do you use to automate renewals for multiple domains?
  • How do you handle rate limits when managing multiple certificates?
  • Any tips for integrating Certbot or other ACME clients into Nginx workflows?
  • For those with smooth multi-domain setups, what’s your process?

Thanks for your insights!

Why?

What issues?

None, just a cronjob.

With just a few certs: not. Rate limits are only an issue if you have like, hundreds of certs perhaps.

#define "workflow"?

I'm afraid you're not really giving enough information to provide meaningful advice.

E.g., you mention "issues", but those issues probably shouldn't be issues. However, with just the "issues" statement, we can't dive deeper into what those issues might be. We'd need detailed information for that regarding what issue you're facing.

4 Likes

Then Caddy.

Installing Certbot on Ubuntu usually sets up a systemd timer to run the renew command. While a cronjob works too, it would just duplicate this timer.

What do you mean by "manual triggers"? The --nginx option should not require manual interaction and is well-supported by the Certbot renew command.

Maybe the best way forward is to show the result of this command:

sudo certbot renew --dry-run

The --dry-run will not affect your existing server config or your production certs.

4 Likes

Hi @MikeMcQ,

Thanks for the helpful reply and for pointing out the systemd timer! By “manual triggers,” I meant I’ve had to manually run certbot renew for some domains because the cron job I set up fails due to config mismatches (e.g., nginx not finding certain domain configs). I wasn’t aware the systemd timer was already handling renewals—good catch!

I ran sudo certbot renew --dry-run as suggested, and here’s the output snippet:

Processing /etc/letsencrypt/renewal/example.com.conf
- Cert not due for renewal, but simulating renewal for dry run
- nginx: [error] invalid server_name or missing server_name directive

Seems nginx is tripping up on a few domains. Any tips for fixing nginx config errors during renewals? Should I tweak the renewal conf files or adjust nginx server blocks?

Appreciate your guidance!

Best,
David James

That is an nginx error you need to correct. Run this, which may give more specifics about which config file and line number is at fault:

sudo nginx -t

Or, just manually review all your server blocks to ensure they have a correct server_name.

PS: Your prior post may have been flagged because of the unrelated link to your yes/no site. Please omit that from future posts.

3 Likes
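
The manual review of server blocks suggested in the reply above can be scripted. This is an added example, not code from the thread or from the Certbot or nginx projects: it lists every `server` block that has no `server_name` directive, or only an empty one, reading a configuration dump in the layout `nginx -T` prints. The function names and the sample configuration are constructed for illustration.

```shell
# Added example: report server blocks with no server_name or only an empty one.
# Input on stdin: nginx configuration text, e.g. the output of `nginx -T`.
find_unnamed_servers() {
    awk '
    BEGIN { file = "stdin" }
    # nginx -T prints this marker before each file it dumps
    /^# configuration file / { file = $4; sub(/:$/, "", file); fline = 0; next }
    {
        fline++; line = $0
        sub(/#.*/, "", line)          # drop comments (assumes no "#" inside quotes)
        gsub(/[{};]/, " & ", line)    # make braces and ";" separate tokens
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]; if (t == "") continue
            if (t == "{") {
                depth++
                if (prev == "server" && !in_srv) {
                    in_srv = 1; sdepth = depth; named = 0; where = swhere
                }
            } else if (t == "}") {
                if (in_srv && depth == sdepth) { if (!named) print where; in_srv = 0 }
                depth--
            } else if (in_srv && prev == "server_name") {
                if (t != ";" && t != "\"\"") named = 1
            } else if (t == "server") {
                swhere = file ":" fline   # remember where this block starts
            }
            prev = t
        }
    }'
}
sample_config() {   # constructed sample, shaped like `nginx -T` output
    cat <<'EOF'
# configuration file /etc/nginx/sites-enabled/example.com:
upstream app { server 127.0.0.1:8080; }
server {
    server_name example.com www.example.com;
    location / { proxy_pass http://app; }
}
# configuration file /etc/nginx/sites-enabled/shop.example.org:
server {
    listen 80;
    # server_name shop.example.org;
}
server
{
    server_name "";
}
EOF
}
sample_config | find_unnamed_servers   # prints file:line of each unnamed block
```

On a server, the same function can read the live configuration through `sudo nginx -T | find_unnamed_servers`; each reported `file:line` is the start of a server block to review.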

Thanks for the advice and note about the flagged link—sorry, I’ll keep posts focused.
