Auto-Renew “Let’s encrypt” SSL Certificate using certbot

By Webner


Make sure the domain points to the server and uses only IPv4; IPv6 will not work. You must have already configured the domain in the Apache configuration, and the default enabled SSL configuration must be disabled.

Certbot is a free, open-source utility that helps automate the renewal of SSL certificates.

Now, follow the steps below.

Step1. Install the prerequisites by running the command below

sudo apt-get install software-properties-common

Step2. Make sure the universe repository is enabled as a package source

sudo add-apt-repository universe

Step3. Add the certbot repository

sudo add-apt-repository ppa:certbot/certbot

Step4. Now run the update command

sudo apt-get update

Step5. Now, install the certbot utility

sudo apt-get install certbot python-certbot-apache

Step6. Enable the SSL module on the Ubuntu server if it is not already enabled

sudo a2enmod ssl

Step7. Restart the Apache server

sudo systemctl restart apache2

Step8. Run the command below to pick up the Apache configuration of the domain configured earlier

sudo certbot --apache

Step9. You can test renewal before actually running it; use the command below for a test run

sudo certbot renew --dry-run

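Note: The above command does not create any SSL certificate; it only indicates that the utility works correctly.

To keep a backup copy of the Let's Encrypt directory, which holds the certificates and their private keys:

sudo cp -a /etc/letsencrypt/ /home/user/Desktop/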

Step10. Now enter the line below in crontab for auto-renewal every midnight

# crontab -e
    55 23 * * * certbot renew --post-hook "systemctl reload apache2"

Note: The above cron job will execute daily but it will not change the certs until they are expired.
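
Added example (not part of the original post): a renewal cron job like the one above can fail silently, so it is worth checking the certificates themselves. The script assumes certbot's default /etc/letsencrypt/live/<name>/cert.pem layout and that openssl is installed; the function names, LIVE_DIR, MIN_DAYS and the 20-day threshold are illustrative choices.

```shell
#!/bin/sh
# Added example: flag certificates that the nightly "certbot renew" job has not refreshed.
# Assumption: certbot's default layout, /etc/letsencrypt/live/<name>/cert.pem (readable by root only).

LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
# certbot's default is to attempt renewal once a certificate has less than 30 days left,
# so a certificate with under 20 days left means renewal has been failing for a while.
MIN_DAYS="${MIN_DAYS:-20}"

# cert_ok FILE DAYS: exit 0 only if FILE is a parsable certificate still valid in DAYS days.
cert_ok() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_renewals DIR DAYS: print one line per overdue or unreadable certificate.
# Returns 0 if all are fine, 1 if any is overdue, 2 if no certificate was found at all.
check_renewals() {
    dir=$1
    days=$2
    bad=0
    seen=0
    for cert in "$dir"/*/cert.pem; do
        [ -e "$cert" ] || continue          # unmatched glob or dangling symlink
        seen=$((seen + 1))
        if ! cert_ok "$cert" "$days"; then
            end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null) || end="unreadable"
            echo "RENEWAL OVERDUE: $cert ($end)"
            bad=$((bad + 1))
        fi
    done
    if [ "$seen" -eq 0 ]; then
        echo "NO CERTIFICATES FOUND under $dir"
        return 2
    fi
    [ "$bad" -eq 0 ]
}

# Run the check only when asked, e.g. from a second cron entry: sh check-certs.sh --check
if [ "${1:-}" = "--check" ]; then
    check_renewals "$LIVE_DIR" "$MIN_DAYS"
    exit $?
fi
```

Run it as root with --check; a non-zero exit status is the signal to alert on, since cron mails any output to the crontab owner when mail delivery is configured.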
