Here, we’ll learn how to automate the renewal of Let’s Encrypt SSL certificates using certbot and a systemd timer. These instructions can be modified to automate any command.
Service unit file
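A service unit file needs to be created at: /etc/systemd/system/certbot-renewal.service

[Unit]
Description=Let's Encrypt certificate renewal using certbot

[Service]
Type=oneshot
# Older systemd releases require absolute paths here (see: command -v certbot).
ExecStart=certbot renew --quiet --agree-tos
# Runs after every successful renew run, whether or not a certificate changed.
ExecStartPost=service nginx restart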
Timer unit file
The plan is to run the above renewal command every few weeks, as well as 15 minutes after the system boots up.
For this, a timer unit file needs to be created with the same name at: /etc/systemd/system/certbot-renewal.timer

[Unit]
Description=Timer for Let's Encrypt's certificates renewal

[Timer]
OnBootSec=900
OnUnitActiveSec=2w
RandomizedDelaySec=1h
# Persistent= only affects OnCalendar= timers; it has no effect with the settings above.
Persistent=true

[Install]
WantedBy=timers.target
Enable the timer
The timer can be enabled by the command:

systemctl enable --now certbot-renewal.timer
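Because the renewal runs unattended, a timer that stops firing or a renewal that keeps failing shows up only in the journal. The script below is an added example, not part of the original steps or the referenced sources: an independent expiry check to run from monitoring. It assumes GNU date, openssl on the PATH, certbot's default of renewing within 30 days of expiry, hypothetical function names, and a 14-day alarm threshold chosen to sit just under the roughly 16 days a healthy two-week timer can reach.

```shell
#!/bin/sh
# Added example: detect a stalled certbot-renewal.timer by looking at the
# certificate itself. Function names and the threshold are assumptions.

# days_left "notAfter=<date>" [now_epoch] -> whole days until expiry (floor,
# so an already expired certificate reports a negative number, never 0).
days_left() {
    not_after=${1#notAfter=}
    now=${2:-$(date -u +%s)}
    expiry=$(date -u -d "$not_after" +%s) || return 2
    diff=$((expiry - now))
    if [ "$diff" -lt 0 ]; then
        echo $(( (diff - 86399) / 86400 ))
    else
        echo $(( diff / 86400 ))
    fi
}

# renewal_status <days_left> [min_days] -> prints a verdict, returns 0 or 1.
# Renewal starts at 30 days before expiry and the timer fires every 2 weeks,
# so falling below the threshold means at least one run failed or was missed.
renewal_status() {
    days=$1
    min=${2:-14}
    if [ "$days" -lt "$min" ]; then
        echo "STALE: $days days left (threshold $min);" \
             "inspect: journalctl -u certbot-renewal.service"
        return 1
    fi
    echo "OK: $days days left"
}

# check_cert <path-to-pem> [min_days] -> 0 healthy, 1 stale, 2 unreadable.
check_cert() {
    end=$(openssl x509 -enddate -noout -in "$1") \
        || { echo "UNREADABLE: $1"; return 2; }
    d=$(days_left "$end") || { echo "UNPARSEABLE: $end"; return 2; }
    renewal_status "$d" "${2:-14}"
}

# Usage (example.com is a placeholder for your own domain):
#   check_cert /etc/letsencrypt/live/example.com/cert.pem 14
```

A non-zero exit status from check_cert can be wired directly into a monitoring agent or a second timer that sends mail.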
References: The steps above are based on:
- GitHub gist (https://gist.github.com/dbirks/0b659a149cab038ef696fd8a6274c48b)
- Steven Westmoreland’s Blog (https://stevenwestmoreland.com/2017/11/renewing-certbot-certificates-using-a-systemd-timer.html)
- ArchWiki (https://wiki.archlinux.org/index.php/Certbot#systemd)