Let’s encrypt auto-update

First of all, what is let’s encrypt? You can find more details here https://letsencrypt.org/how-it-works/

” The objective of Let’s Encrypt and the ACME protocol is to make it possible to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. This is accomplished by running a certificate management agent on the web server. “

Previously in the year of 2018 you had to create a cron job to renew the let’s encrypt certificates, but it has changed in the year 2019. In the case of using Let’s Encrypt is a simple way and free

##Repository add
sudo add-apt-repository ppa:certbot/certbot
##Install certbot with nginx
sudo apt-install python-certbot-nginx
##Executing this command will insert the new cert to your nginx server
sudo certbot --nginx --agree-tos --redirect --hsts --staple-ocsp --email itengineersblog@gmail.com -d szeles.me
## - Congratulations! Your certificate and chain have been saved at:

You have received your Let’s Encrypt certificate for free and this certificate will expire within 3 months, however, you don’t have to do anything else in the near future. Why? Because of managed by certbot. Run the following code:

systemctl list-timers

Here you can find the certbot.timer

cd /lib/systemd/system
nano certbot.timer

Description=Run certbot twice daily

OnCalendar=*-*-* 00,12:00:00


It will execute the following command:

nano certbot.service

ExecStart=/usr/bin/certbot -q renew

The certbot.timer will execute the certbot service-t at midnight and noon (within a random time frame in 12 hours.) This will execute the renew cmd.

ExecStart=/usr/bin/certbot –q renew

In case of system.d has been blocked the cronjob will run.

At the end of the code you can see first the systemd will be tested and in case it has been blocked, will the cron job run only.

2 thoughts on “Let’s encrypt auto-update

  • 9th December 2019 at 11:16 pm

    It抯 really a great and useful piece of info. I抦 satisfied that you simply shared this useful information with us. Please keep us informed like this. Thanks for sharing.


Leave a Reply

Your email address will not be published. Required fields are marked *