Script setup Let’s Encrypt Certbot auto renew. Today I will introduce you to a small utility script.
I also had another article about setting up auto renew Certbot for Nginx.
You see, having the Let’s Encrypt SSL certificate expire every 3 months will make you a bit uncomfortable.
Anyhow, it’s free and works well so there’s no reason to give it up. If you want to set up auto renew manually on the server then read my post.
If you want to get things done quickly, do the following.
Script setup Let’s Encrypt Certbot auto renew
Table of Contents
This is the link to the script file that I uploaded to Gitlab. You can view and download it for free.
The script is quite simple, it only consists of 3 functions. A function used to create a timer file for Certbot Renewal. A function used to create a service file for Certbot Renewal. And the last function is the main function, which is used to call the other functions and print the necessary results on the screen.
Use the script
And now, to use this script, you do the following operations.
Step 1: Download the script
Run the following command to download to your server.
wget https://gitlab.com/Danny_Pham/WriteBash.com/raw/master/Utilities/12-Script_setup_renew_certbot_nginx.sh -O /tmp/renew_certbot.sh
Step 2: Assign execution to the script
You run the following command.
chmod +x /tmp/renew_certbot.sh
Step 3: Execute the script.
With the following command.
cd /tmp && ./renew_certbot.sh
And the result after executing the script looks like the following, congratulations for your success.
[root@proxy ~]# cd /tmp && ./renew_certbot.sh
====================================
= STATUS CERTBOT RENEWAL TIMER =
====================================
● certbot-renewal.timer - Timer for Certbot Renewal
Loaded: loaded (/etc/systemd/system/certbot-renewal.timer; enabled; vendor preset: disabled)
Active: active (waiting) since Tue 2020-01-07 12:01:18 +07; 22h ago
Jan 07 12:01:18 proxy.local systemd[1]: Started Timer for Certbot Renewal.
======================================
= STATUS CERTBOT RENEWAL SERVICE =
======================================
-- Logs begin at Thu 2020-01-02 17:06:27 +07, end at Wed 2020-01-08 10:58:33 +07. --
Jan 07 12:01:18 proxy.local systemd[1]: Started Certbot Renewal.
Jan 07 12:01:18 proxy.local certbot[45677]: Saving debug log to /var/log/letsencrypt/letsencrypt.log
Jan 07 12:01:18 proxy.local certbot[45677]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 07 12:01:18 proxy.local certbot[45677]: Processing /etc/letsencrypt/renewal/dev.abc.com.conf
Jan 07 12:01:18 proxy.local certbot[45677]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 07 12:01:18 proxy.local certbot[45677]: Cert not yet due for renewal
Jan 07 12:01:19 proxy.local certbot[45677]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Jan 07 12:01:19 proxy.local certbot[45677]: The following certs are not due for renewal yet:
Jan 07 12:01:19 proxy.local certbot[45677]: /etc/letsencrypt/live/dev.abc.com/fullchain.pem expires on 2020-04-01 (skipped)
Jan 07 12:01:19 proxy.local certbot[45677]: No renewals were attempted.
Jan 07 12:01:19 proxy.local certbot[45677]: No hooks were run.
Jan 07 12:01:19 proxy.local certbot[45677]: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Conclusion
Very simple, right. Although this is just a simple job, but for lazy people like me. I want things to be quick and automatic. Therefore, using the script is the right way.
(This is an article from my old blog that has been inactive for a long time, I don’t want to throw it away so I will keep it and hope it helps someone).