Setting Up Auto-Update for Let's Encrypt

Sometimes when you follow the instructions to set up a web server (for example, a PeerTube installation or an OnlyOffice installation), they show you how to set up Let's Encrypt so you can get SSL (i.e., so your pages run on secure HTTPS) but not how to make sure the SSL certificates renew automatically. So I'm writing this to make sure I remember the instructions.

If you need to install Let's Encrypt, don't continue with this article; there are instructions here. This article is only for people trying to renew their certificates.

To renew Let's Encrypt, normally you type:

    sudo certbot renew 

or 

    /usr/bin/certbot renew

To set it up to renew automatically, you would set up a cron job to run this command. Edit the cron table with:

    crontab -e

And then insert a line that says:
 
    43 6 * * * certbot renew --post-hook "systemctl reload nginx" 

Now, it's always good to test your cron commands. Here, if certbot isn't set up properly, running certbot renew will produce an error:

    Failed to renew certificate peertube.downes.ca with error: Missing command line flag or config entry for this setting:
    Input the webroot for peertube.downes.ca:

Here's what's happening: when you set up Let's Encrypt certbot, it creates a directory here:

    /etc/letsencrypt/renewal

and inside that directory there will be a file for your website, like this:

    peertube.downes.ca.conf


This file gives Let's Encrypt the location of all your certificates and tells it where to store renewal information. The trick is to make sure it has a place to store this information. 

So what you need to do is insert a line into the .conf file with that information. Here's what I added:

    webroot_path = /var/www/certbot,

I saved the .conf file and tested it with:

    certbot renew --cert-name peertube.downes.ca --dry-run

and it worked.
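To catch the same problem on other sites before the cron job hits it, here is an added example (not from the original post or from certbot itself) that lists renewal files using the webroot authenticator with no webroot setting. The function name find_missing_webroot is hypothetical, and the script assumes the renewal file layout certbot writes: an `authenticator` line plus either a `webroot_path` line or a `[[webroot_map]]` section.

```shell
#!/bin/sh
# Added example: report renewal configs that would stop at
# "Input the webroot for ..." during an unattended renewal.
#
# find_missing_webroot [DIR]   (hypothetical helper name)
# Prints one config file name per line; returns 1 if any were found.
# Usage: sudo sh -c '. ./check.sh; find_missing_webroot'
find_missing_webroot() {
    dir=${1:-/etc/letsencrypt/renewal}
    missing=0
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Only certificates issued with the webroot authenticator need a webroot.
        grep -Eq '^[[:space:]]*authenticator[[:space:]]*=[[:space:]]*webroot[[:space:]]*$' "$conf" || continue
        # A non-empty webroot_path line is enough for renewal.
        if grep -Eq '^[[:space:]]*webroot_path[[:space:]]*=[[:space:]]*[^[:space:],]' "$conf"; then
            continue
        fi
        # So is a [[webroot_map]] section with at least one "domain = path" entry.
        if awk '
            /^[ \t]*\[\[webroot_map\]\]/ { in_map = 1; next }
            /^[ \t]*\[/                  { in_map = 0 }
            in_map && /=[ \t]*[^ \t]/    { found = 1 }
            END { exit found ? 0 : 1 }' "$conf"; then
            continue
        fi
        basename "$conf"
        missing=1
    done
    return "$missing"
}
```

Any file it prints needs the webroot_path line described above before the cron job can renew that certificate.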

These instructions came from: https://serverfault.com/questions/1035830/certbot-renew-dry-run-fails-with-error-input-the-webroot-for-sub-mydomain-com
