Securing your website with an SSL certificate is essential for protecting user data and building trust. Let's Encrypt offers free SSL certificates that need to be renewed every 90 days. Automating this renewal process saves time and ensures your website remains secure without manual intervention.
Prerequisites
- A server with root or sudo access
- Domain name pointing to your server
- Certbot installed on your server
- Basic knowledge of command line interface
Installing Certbot
Certbot is the recommended tool for obtaining and renewing Let's Encrypt certificates. To install Certbot, follow the instructions specific to your operating system. For example, on Ubuntu:
Run:
sudo apt-get update
sudo apt-get install certbot
Obtaining Your First SSL Certificate
To request a new SSL certificate for your domain, use Certbot with the following command:
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com
This command automatically configures your web server and obtains the certificate. Replace yourdomain.com with your actual domain name.
Automating Renewal
Certbot comes with a built-in renewal feature that checks and renews certificates automatically. To test renewal, run:
sudo certbot renew --dry-run
If the dry run succeeds, you can set up a scheduled task to handle renewals automatically. On most systems, Certbot installs a cron job or systemd timer by default. To verify, run:
systemctl list-timers | grep certbot
Setting Up Automatic Renewal
If not already configured, you can add a cron job manually. Edit your crontab with:
sudo crontab -e
Add the following line to run renewal twice daily:
0 0,12 * * * /usr/bin/certbot renew --quiet
Conclusion
Automating SSL certificate renewal with Let's Encrypt and Certbot ensures your website remains secure with minimal effort. Regularly test your renewal process to avoid unexpected certificate expiration and maintain trust with your visitors.