Automating Let’s Encrypt certificate Renewal using Certbot

Here, we’ll learn how to automate the renewal of Let’s Encrypt SSL certificates using certbot and systemd. The same approach can be adapted to schedule any other command.

Service unit file

A service unit file needs to be created at:
/etc/systemd/system/certbot-renewal.service

[Unit]
Description=Let's Encrypt certificate renewal using certbot

[Service]
Type=oneshot
ExecStart=certbot renew --quiet --agree-tos
ExecStartPost=service nginx restart

Timer unit file

The plan is to run the above renewal command every two weeks (OnUnitActiveSec=2w), as well as 15 minutes after the system boots up (OnBootSec=900, in seconds).

For this, a timer unit file needs to be created with the same name at:
/etc/systemd/system/certbot-renewal.timer

[Unit]
Description=Timer for Let's Encrypt's certificates renewal

[Timer]
OnBootSec=900
OnUnitActiveSec=2w
RandomizedDelaySec=1h
Persistent=true

[Install]
WantedBy=timers.target

Enable the timer

The timer can be enabled and started immediately with the command:
systemctl enable --now certbot-renewal.timer

References: The steps above have been referenced from:

Cleaning up the boot partition on Ubuntu

As part of routine maintenance, this guide shows how to remove old kernels and clean up the boot partition on Ubuntu or similar Debian-based systems.

Reboot the machine

It is important that the latest kernel is in use while cleaning up the old kernels. A simple reboot will ensure that the latest kernel is in use.

Check the current kernel version

The current kernel version can be checked using the following command:

uname -r

Show a list of installed kernels

Next, we need to fetch a list of all the installed kernels. This can be obtained using the following command:

dpkg --list 'linux-image*' | grep ^ii

Alternatively, the following form prints only the package names and leaves out the kernel that is currently running:

dpkg --list 'linux-image*' | awk '$1=="ii" { print $2 }' | grep -vF "$(uname -r)"

Remove the old kernels

We now need to remove the unused kernels from the step above. The following command needs to be executed for every unused version:

sudo apt purge linux-image-VERSION

Remove dependencies

With the old kernels removed, we now need to remove the dependencies by using:

sudo apt --purge autoremove

Update grub

Finally, we need to update grub to use the latest kernel.

sudo update-grub

And that should be it!


Disclaimer: The steps above have been tested with Ubuntu 18.xx and above. Replace apt with apt-get for older versions.
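
An added example (not from the original post or its references): a shell function that turns the listing step into a purge list, matching the running kernel exactly and skipping metapackages such as linux-image-generic, which the grep -v listing above would also print. The function name purge_candidates and the sample dpkg output are constructed for illustration.

```shell
#!/bin/sh
# List kernel image packages that are candidates for `apt purge`.
# stdin: output of `dpkg --list 'linux-image*'`; $1: running release (`uname -r`).
purge_candidates() {
    awk -v running="$1" '
        $1 != "ii" { next }                     # only fully installed packages
        {
            pkg = $2
            sub(/:.*$/, "", pkg)                # drop an architecture suffix, if any
            ver = pkg
            # Versioned images only: skips metapackages such as linux-image-generic,
            # which must stay installed for future kernel updates to arrive.
            if (sub(/^linux-image-(unsigned-)?/, "", ver) == 0 || ver !~ /^[0-9]/) next
            if (ver == running) next            # exact match, never the running kernel
            print pkg
        }'
}

# Constructed sample of dpkg output (not taken from a real machine).
SAMPLE='ii  linux-image-5.4.0-148-generic  5.4.0-148.165  amd64  Signed kernel image generic
ii  linux-image-5.4.0-15-generic   5.4.0-15.18    amd64  Signed kernel image generic
ii  linux-image-5.4.0-150-generic  5.4.0-150.167  amd64  Signed kernel image generic
rc  linux-image-5.4.0-42-generic   5.4.0-42.46    amd64  Signed kernel image generic
ii  linux-image-generic            5.4.0.150.148  amd64  Generic Linux kernel image'

# Demonstration on the sample, pretending 5.4.0-150-generic is the running kernel.
printf '%s\n' "$SAMPLE" | purge_candidates "5.4.0-150-generic"

# On a real system (assumed usage):
#   dpkg --list 'linux-image*' | purge_candidates "$(uname -r)"
```

Review the printed names before passing each one to sudo apt purge.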


References: The steps above have been referenced from:

  1. StackOverflow (https://askubuntu.com/questions/345588/what-is-the-safest-way-to-clean-up-boot-partition)
  2. GitHub (https://gist.github.com/ipbastola/2760cfc28be62a5ee10036851c654600)