rss.png profile for ebal on Stack Exchange, a network of free, community-driven Q&A sites
Let’s Encrypt - Auto Renewal

Let’s Encrypt

I’ve written some posts on Let’s Encrypt but the most frequently question is how to auto renew a certificate every 90 days.


This is my mini how-to, on centos 6 with a custom compiled Python 2.7.13 that I like to run on virtualenv from latest git updated certbot. Not a copy/paste solution for everyone!


Cron doesnt not seem to have something useful to use on comparison to 90 days:


Modification Time

The most obvious answer is to look on the modification time on lets encrypt directory :

eg. domain:

# find /etc/letsencrypt/live/ -type d -mtime +90 -exec ls -ld {} \;

# find /etc/letsencrypt/live/ -type d -mtime +80 -exec ls -ld {} \;

# find /etc/letsencrypt/live/ -type d -mtime +70 -exec ls -ld {} \;

# find /etc/letsencrypt/live/ -type d -mtime +60 -exec ls -ld {} \;

drwxr-xr-x. 2 root root 4096 May 15 20:45 /etc/letsencrypt/live/


# openssl x509 -in <(openssl s_client -connect 2>/dev/null) -noout -enddate


If you have registered your email with Let’s Encrypt then you get your first email in 60 days!


Here are my own custom steps:

#  cd /root/certbot.git
#  git pull origin 

#  source venv/bin/activate && source venv/bin/activate
#  cd venv/bin/

#  monit stop httpd 

#  ./venv/bin/certbot renew --cert-name --standalone 

#  monit start httpd 

#  deactivate


I use monit, you can edit the script accordingly to your needs :



## Update certbot
cd /root/certbot.git
git pull origin 

# Enable Virtual Environment for python
source venv/bin/activate && source venv/bin/activate 

## Stop Apache
monit stop httpd 

sleep 5

## Renewal
./venv/bin/certbot renew  --cert-name ${DOMAIN} --standalone 

## Exit virtualenv

## Start Apache
monit start httpd

All Together

# find /etc/letsencrypt/live/ -type d -mtime +80 -exec /usr/local/bin/ \;

Systemd Timers

or put it on cron

whatever :P

Tag(s): letsencrypt