Automating Let’s Encrypt Certificate Renewal Using Certbot

Here, we’ll learn how to automate the renewal of Let’s Encrypt SSL certificates using certbot and a systemd timer. These instructions can be adapted to schedule any other command.

Service unit file

A service unit file needs to be created at:
/etc/systemd/system/certbot-renewal.service

[Unit]
Description=Let's Encrypt certificate renewal using certbot

[Service]
Type=oneshot
ExecStart=certbot renew --quiet --agree-tos
ExecStartPost=service nginx restart
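
A variant of the service unit above, added here as an example and not part of the original post. It moves the nginx reload into certbot's --deploy-hook option, which certbot runs only for certificates it actually renewed, so the web server is not restarted on every timer run. The path /usr/bin/certbot is an assumption; check it with "command -v certbot".

```ini
# /etc/systemd/system/certbot-renewal.service
# Added example, not the original post's unit.
[Unit]
Description=Let's Encrypt certificate renewal using certbot
# Renewal has to reach the ACME server, so order the job after the network is up.
Wants=network-online.target
After=network-online.target

[Service]
Type=oneshot
# Assumed install path; confirm with: command -v certbot
# --deploy-hook runs once per successfully renewed certificate, so nginx
# reloads only when there is a new certificate to pick up. A reload keeps
# existing connections open, unlike a full restart.
ExecStart=/usr/bin/certbot renew --quiet --deploy-hook "systemctl reload nginx"
# Give the job its own /tmp instead of the shared one.
PrivateTmp=true
```

After editing the unit, run systemctl daemon-reload so systemd picks up the change.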

Timer unit file

The plan is to run the above renewal command every few weeks, as well as 15 minutes after the system boots up.

For this, a timer unit file needs to be created with the same name at:
/etc/systemd/system/certbot-renewal.timer

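[Unit]
Description=Timer for Let's Encrypt's certificates renewal

[Timer]
# First run 900 seconds (15 minutes) after boot
OnBootSec=900
# Then every two weeks, counted from the last time the service was started
OnUnitActiveSec=2w
# Delay each run by a random amount of up to one hour
RandomizedDelaySec=1h
# Note: Persistent= only has an effect on OnCalendar= timers, not on the monotonic timers above
Persistent=true

[Install]
WantedBy=timers.target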

Enable the timer

The timer can be enabled by the command:
systemctl enable --now certbot-renewal.timer
