2016-05-16 Renewing letsencrypt certificates via crontab

Last time, I showed how I installed the LetsEncrypt certificates but not how to automatically renew them. To do so, create a file and call it, say, "letsencrypt.sh" or something, then move it to a directory of your choice. /opt was empty so I put it there. Adapt the webroot and domain parameters of course. This works on Debian 8.0 so your mileage may vary.

  letsencrypt certonly --force-renewal --webroot -w /var/www/example.com -d example.com
  service apache2 reload

The --force-renewal is there because we renew monthly, while the certs are valid for three months and the client warns about this.

Now create a file in /etc/cron.d so the script gets called. Be sure to not just call it on midnight the 1st of every month -- we want to call it at some particular randomly chosen moment so the letsencrypt people don't get hit with a deluge of calls every 1st of the month. So create a file named "letsencrypt" in /etc/cron.d with the following line:

  33 5 21 * *     root   /opt/letsencrypt.sh

This particular example will call the script on the 33rd minute, on the 5th hour, and on the 21st day of the month. In other words, it'll get called once on 5:33 AM every month. Make up some values for your particular case.

It's prudent to now put a marker after this date in your calendar, to actually check whether the renewal succeeded.

As an aside, the letsencrypt package is called certbot nowadays. It's at version 7. It might be better to follow their instructions :)