Let’s Encrypt currently issues certificates for 3 months at a time only. For many users, this mandates automated renewal of Let’s Encrypt certificates, however many manuals how to install automated renewals on ordinary Linux servers are needlessly complicated.
I created a systemd-timer based daily renewal routine using TechOverflow’s Simple systemd timer generator.
Quick install using
wget -qO- https://techoverflow.net/scripts/install-renew-certbot.sh | sudo bash
This is the script which automatically creates & installs both systemd config files.
#!/bin/sh # This script installs automated certbot renewal onto systemd-based systems. # It requires that certbot is installed in /usr/bin/certbot! # This needs to be run using sudo! cat >/etc/systemd/system/RenewCertbot.service <<EOF [Unit] Description=RenewCertbot [Service] Type=oneshot ExecStart=/usr/bin/certbot renew WorkingDirectory=/tmp EOF cat >/etc/systemd/system/RenewCertbot.timer <<EOF [Unit] Description=RenewCertbot [Timer] OnCalendar=daily Persistent=true [Install] WantedBy=timers.target EOF # Enable and start service systemctl enable RenewCertbot.timer && sudo systemctl start RenewCertbot.timer
To view logs, use
journalctl -xfu RenewCertbot.service
To view the status, use
sudo systemctl status RenewCertbot.timer
To immediately run a renewal, use
sudo systemctl start RenewCertbot.service