Saturday 4 March 2017

Let's Encrypt SSL Recipes -- Renewing certificates

In the previous post I explained how to obtain a Let's Encrypt SSL certificate for free.

Let's Encrypt certificates, when they are issued, are only valid for 90 days.  However it costs nothing to renew them and the process for doing so is easy.

You can run the certbot program daily or weekly (your choice) to automatically renew the certificates when they are ready for renewal.  You can create a cron script to do this for you automatically:

cat << EOFRENEW > /etc/cron.weekly/certbot-renew
#!/bin/sh

/root/bin/certbot-auto renew --quiet
EOFRENEW
chmod +x /etc/cron.weekly/certbot-renew

This will create a script that will run weekly and renew any certificates that need renewing.

Once the certificate has been renewed you will need to restart Apache or nginx (or any other programs using the certificate) so you need to plan a short outage window to do that.

No comments:

Post a Comment