First of all, what is Let’s Encrypt? You can find more details here: https://letsencrypt.org/how-it-works/
“The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server.”
Previously, in 2018, you had to create a cron job to renew Let’s Encrypt certificates, but this changed in 2019. Using Let’s Encrypt is simple and free.
## Add the repository
sudo add-apt-repository ppa:certbot/certbot
## Install certbot with the nginx plugin
sudo apt install python-certbot-nginx
## Executing this command will insert the new cert into your nginx server
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email firstname.lastname@example.org -d szeles.me
## - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/szeles.me/fullchain.pem
You have received your Let’s Encrypt certificate for free. This certificate will expire within 3 months; however, you don’t have to do anything else in the near future. Why? Because renewal is managed by certbot. Run the following code:
Here you can find certbot.timer:
cd /lib/systemd/system
nano certbot.timer

[Unit]
Description=Run certbot twice daily

[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true

[Install]
WantedBy=timers.target
It will execute the following command:
nano certbot.service

[Unit]
Description=Certbot
Documentation=file:///usr/share/doc/python-certbot-doc/html/index.html
Documentation=https://letsencrypt.readthedocs.io/en/latest/

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot -q renew
PrivateTmp=true
The certbot.timer triggers certbot.service at midnight and noon, each time delayed by a random amount within a 12-hour window (RandomizedDelaySec=43200). The service then executes the renew command:
ExecStart=/usr/bin/certbot -q renew
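A check for the two units above, as an added example (not part of the original post and not certbot's own code): it parses the unit text and flags a typographic dash in ExecStart, a missing renew call, or a timer without Persistent=true. The function name lint_renewal_units and the sample unit text are constructed for illustration; the check matters because, with --hsts set, browsers do not let visitors click through the certificate error that a silently failed renewal ends in.

```python
import configparser

# Constructed sample: a certbot.service whose -q was pasted as an en dash (U+2013).
SAMPLE_SERVICE = """\
[Unit]
Description=Certbot
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot \u2013q renew
PrivateTmp=true
"""
# Constructed sample: the timer as shown on this page.
SAMPLE_TIMER = """\
[Unit]
Description=Run certbot twice daily
[Timer]
OnCalendar=*-*-* 00,12:00:00
RandomizedDelaySec=43200
Persistent=true
"""

def _parse(text):
    # Units may repeat keys (Documentation=) and use % specifiers, so parse
    # non-strictly, without interpolation, splitting on "=" only.
    cp = configparser.ConfigParser(strict=False, interpolation=None, delimiters=("=",))
    cp.optionxform = str  # systemd keys are case-sensitive
    cp.read_string(text)
    return cp

def lint_renewal_units(service_text, timer_text):
    """Return a list of findings; an empty list means the checks passed."""
    svc, tmr = _parse(service_text), _parse(timer_text)
    findings = []
    exec_start = svc.get("Service", "ExecStart", fallback="")
    if not exec_start.isascii():
        findings.append("ExecStart has non-ASCII characters (typographic dash?)")
    if "renew" not in exec_start.split()[1:]:
        findings.append("ExecStart does not run the renew subcommand")
    if not tmr.get("Timer", "OnCalendar", fallback="").strip():
        findings.append("timer has no OnCalendar schedule")
    persistent = tmr.get("Timer", "Persistent", fallback="false").strip().lower()
    if persistent not in ("1", "yes", "true", "on"):
        findings.append("Persistent is off: runs missed while powered off are skipped")
    return findings

if __name__ == "__main__":
    for finding in lint_renewal_units(SAMPLE_SERVICE, SAMPLE_TIMER):
        print("WARN:", finding)
```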
If systemd has been blocked, the cron job will run instead.
At the end of the code you can see that systemd is tested first, and the cron job runs only if it has been blocked.