In this post I have described how to manually renew Let’s Encrypt SSL certificate. Here I describe how to configure a cronjob to automatically renew my certificates when they are about to expire.
Setup default AMI editor to
$ export EDITOR=nano
$ crontab -e
Add the following:
17 */12 * * * mv /var/www/html/.htaccess /var/www/html/.htaccess_ && /usr/local/letsencrypt/letsencrypt-auto certonly --webroot -w /var/www/html -d lucaslouca.com -d www.lucaslouca.com --config /etc/letsencrypt/config.ini --agree-to --quiet && mv /var/www/html/.htaccess_ /var/www/html/.htaccess && rm -rf /var/www/html/.well-known/
&& operator makes sure the commands are run sequentially.
--quiet flag is to silence all output except errors. Since certificates are only renewed when they’re determined to be near expiry, the command can run on a regular basis, like every week or every day). That is why you want to use the
--quiet quiet flag to silence all output except errors.
This cron job will run twice a day, it will check if your will expire in less than 30 days, if it doesn’ it will do nothing, if it will expire in less than 30 days it will try to issue a new cert using the same paramaters as the first time you issued your cert.
Scheduling Tasks with Cron Jobs