[Moderator’s note: This post is from 2015. Since then, the letsencrypt command has been renamed certbot, and you can renew by running “certbot renew”. You can also add that command to your crontab:
$ sudo crontab -e
# Add this to the crontab and save it:
* 7,19 * * * certbot -q renew
]
Hi,
I created certificates using letsencrypt -a webroot --webroot-path /var/common-le-root/ -d example.com certonly
for some of my domains (actually I set the authenticator and webroot-path in cli.ini).
Running letsencrypt shows me that no installer is selected, letsencrypt certonly asks for domains as well as letsencrypt -i null (I’ve a script which runs after every letsencrypt run and checks whether services need to be restarted or not (based on the live certificates). Even setting renew-by-default did not changes anything.
How can I automate the renewal of issued certificates?
@eva2000 i like your script, but… if it fail to rennovate at 60 day send a mail to EMAIL in /etc/letsencrypt/webroot.ini.
what about first use expirydate and then letencrypt?
maybe more failsafe , example :
-cron launch a scripit every 3 day .
in this script something like :
if expirydate<15 rennovate ssl else nothing (or writesomewhere expirydate so not call openssl to check) have to fail 4 time before
if expirydate <5 send mail
an also try to rennovate 2 times before ssl exipres
I changed my cron file routine for letsencrypt ssl certificate auto renewal to check certificate expiry date every 9 days and run auto renewal only if certificate expiry date is less than 30 days. This will ensure if auto renewal fails for some reason on either side, that there’s 29/9 = ~ 3 more chances for auto renewal of ssl certificate
the cron log would get pretty messy if you had say 100 domain/sites with ssl and each having their own cron running every day that’s an extra 100 entries per day
for my cron there’s auto email notification of failed renewals so you’d have up to 4 email notification if all initial + subsequent 3 auto renewals failed.
Using this method had worked until about a day or two ago after running “git pull” to update my official LE client; I know get this error upon a renewal attempt:
letsencrypt: error: agree-dev-preview set to ‘True’ rather than a value
what’s going on now? is it related to the public beta or a client update or elsewhere? Thanks.
# webroot.ini general config ini
rsa-key-size = 2048
# Always use the staging/testing server
#server = https://acme-staging.api.letsencrypt.org/directory
# for beta invitees
server = https://acme-v01.api.letsencrypt.org/directory
# Uncomment and update to register with the specified e-mail address
email = myemail
# Uncomment to use a text interface instead of ncurses
text = True
agree-tos = True
renew-by-default = True
authenticator = webroot