In this tutorial (which is an extension of part 2 and part 1 of a tutorial series for setting up letsencrypt on nginx) we’ll show you how to setup a BASH script that will automate the renewal of your certificates. This should enable you to sit back and have your Lets Encrypt SSL certificates automatically renew with a cron job that runs in the background on an interval.
- Add the following to /root/letsencrypt/cli.ini
INI1234567authenticator = webrootwebroot-path = /home/yoursite.com/server = https://acme-v01.api.letsencrypt.org/directoryrenew-by-defaultagree-dev-previewagree-tosemail = firstname.lastname@example.org
- In the file above, change /home/yoursite.com/ to the document root of the site in question, and change the email@example.com to whatever email address you’d like to use for emailing when things fail.
- Add the following to /root/letsencrypt/letsrenew.sh
Shell1234567891011#!/bin/bashcd /root/letsencrypt/./letsencrypt-auto --config /root/letsencrypt/cli.ini -d yoursite.com -d www.yoursite.com certonlyif [ $? -ne 0 ]thenERRORLOG=`tail /var/log/letsencrypt/letsencrypt.log`echo -e "The Lets Encrypt Cert has not been renewed! \n \n" $ERRORLOG | mail -s "Lets Encrypt Cert Alert" firstname.lastname@example.org -t && nginx -s reloadfi
- In the file above, change yoursite.com and www.yoursite.com to your domain that you want to renew the SSL certificate(s) for, and change email@example.com to whatever email address you’d like to use for emailing when things fail.
- Add the following to crontab -e
Shell10 0 1 * * /root/letsencrypt/letsrenew.sh
- (optional) Add the following to your bash profile with: vim ~/.bash_profile
Shell12# Easily renew Let's Encrypt SSL cert by typing letsrenewalias letsrenew=/root/letsencrypt/letsrenew.sh
This just allows you to type letsrenew in your terminal to renew your certificates whenever you want. The cron job we added in step 5 should automate this part for you, so this is just an added convenience.
As always, if you have any issues or questions about this process, feel free to drop a comment below and I’ll try to help you troubleshoot whatever issues you’re having. Please remember to include as much detail as possible when you comment as it will help to better understand your issues.