How to install automated certbot/LetsEncrypt renewal in 30 seconds
Let’s Encrypt currently issues certificates for 3 months at a time only. For many users, this mandates automated renewal of Let’s Encrypt certificates, however many manuals how to install automated renewals on ordinary Linux servers are needlessly complicated.
I created a systemd-timer based daily renewal routine using TechOverflow’s Simple systemd timer generator.
Quick install using
wget -qO- https://techoverflow.net/scripts/install-renew-certbot.sh | sudo bash
This is the script which automatically creates & installs both systemd config files.
#!/bin/sh
# This script installs automated certbot renewal onto systemd-based systems.
# It requires that certbot is installed in /usr/bin/certbot!
# This needs to be run using sudo!
cat >/etc/systemd/system/RenewCertbot.service <<EOF
[Unit]
Description=RenewCertbot
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew
WorkingDirectory=/tmp
EOF
cat >/etc/systemd/system/RenewCertbot.timer <<EOF
[Unit]
Description=RenewCertbot
[Timer]
OnCalendar=daily
Persistent=true
[Install]
WantedBy=timers.target
EOF
# Enable and start service
systemctl enable RenewCertbot.timer && sudo systemctl start RenewCertbot.timer
To view logs, use
journalctl -xfu RenewCertbot.service
To view the status, use
sudo systemctl status RenewCertbot.timer
To immediately run a renewal, use
sudo systemctl start RenewCertbot.service