Auto-Renew “Let’s encrypt” SSL Certificate using certbot
Make sure the domain points to the server and uses only IPv4; IPv6 will not work. You must also have already configured the domain in the Apache configuration, and the default enabled SSL configuration must be disabled.
Certbot is a free, open-source utility that helps automate the renewal of SSL certificates.
Now, follow the steps below to achieve this.
Step1. Fulfill the prerequisites by running the command below
sudo apt-get install software-properties-common
Step2. Make sure the universe repository is enabled as a package source
sudo add-apt-repository universe
Step3. Add the certbot repository
sudo add-apt-repository ppa:certbot/certbot
Step4. Now run the update command
sudo apt-get update
Step5. Now, install the certbot utility
sudo apt-get install certbot python-certbot-apache
Step6. Enable the Apache ssl module on the Ubuntu server if it is not already enabled.
sudo a2enmod ssl
Step7. Restart apache server
sudo systemctl restart apache2
Step8. Run the command below to get the Apache configuration for the domain configured earlier.
sudo certbot --apache
Step9. You can test this before actually running it; use the command below for a test run.
sudo certbot renew --dry-run
Note: the above command will not create any SSL certificate; it only gives a hint that the utility works fine.
sudo cp -a /etc/letsencrypt/ /home/user/Desktop/
Step10. Now open the crontab and enter the line below for auto-renewal every midnight
sudo crontab -e
55 23 * * * certbot renew --post-hook "systemctl reload apache2"
Note: The above cron job will execute daily but it will not change the certs until they are expired.
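Because the cron job runs unattended, a failed renewal is easy to miss. The following is an added example, not part of the original guide: a small shell check that lists every certificate under certbot's live directory that will expire within a chosen number of days, using openssl x509 -checkend. The function name expiring_certs and the 20-day threshold in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide).
#
# expiring_certs LIVE_DIR DAYS
#   Prints the directory name of every certificate under LIVE_DIR whose
#   cert.pem expires within DAYS days, or cannot be read or parsed.
#   Returns 0 if nothing was printed, 1 otherwise.
expiring_certs() {
    live_dir=$1
    days=$2
    status=0
    for cert in "$live_dir"/*/cert.pem; do
        # If the glob matched nothing, the literal pattern is left; skip it.
        [ -e "$cert" ] || continue
        name=$(basename "$(dirname "$cert")")
        # -checkend N exits 0 only if the certificate is still valid
        # N seconds from now; any other exit status is treated as a finding.
        if ! openssl x509 -checkend "$((days * 86400))" -noout \
                -in "$cert" >/dev/null 2>&1; then
            echo "$name"
            status=1
        fi
    done
    return "$status"
}

# Usage (as root, since the live directory is not readable by other users);
# 20 days is an example threshold, not a value from the guide:
#   expiring_certs /etc/letsencrypt/live 20 || echo "renewal needs attention"
```

A non-zero return from this check is a reason to read the certbot log and run the dry-run command from Step9 again.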