[Moderator’s note: This post is from 2015. Since then, the letsencrypt command has been renamed certbot, and you can renew by running “certbot renew”. You can also add that command to your crontab:
$ sudo crontab -e
# Add this to the crontab and save it:
* 7,19 * * * certbot -q renew
I created certificates using letsencrypt -a webroot --webroot-path /var/common-le-root/ -d example.com certonly
for some of my domains (actually I set the authenticator and webroot-path in cli.ini).
Running letsencrypt shows me that no installer is selected, letsencrypt certonly asks for domains as well as letsencrypt -i null (I’ve a script which runs after every letsencrypt run and checks whether services need to be restarted or not (based on the live certificates). Even setting renew-by-default did not changes anything.
How can I automate the renewal of issued certificates?
@eva2000 i like your script, but… if it fail to rennovate at 60 day send a mail to EMAIL in /etc/letsencrypt/webroot.ini.
what about first use expirydate and then letencrypt?
maybe more failsafe , example :
-cron launch a scripit every 3 day .
in this script something like :
if expirydate<15 rennovate ssl else nothing (or writesomewhere expirydate so not call openssl to check) have to fail 4 time before
if expirydate <5 send mail
an also try to rennovate 2 times before ssl exipres
I changed my cron file routine for letsencrypt ssl certificate auto renewal to check certificate expiry date every 9 days and run auto renewal only if certificate expiry date is less than 30 days. This will ensure if auto renewal fails for some reason on either side, that there’s 29/9 = ~ 3 more chances for auto renewal of ssl certificate
# webroot.ini general config ini
rsa-key-size = 2048
# Always use the staging/testing server
#server = https://acme-staging.api.letsencrypt.org/directory
# for beta invitees
server = https://acme-v01.api.letsencrypt.org/directory
# Uncomment and update to register with the specified e-mail address
email = myemail
# Uncomment to use a text interface instead of ncurses
text = True
agree-tos = True
renew-by-default = True
authenticator = webroot