Auto renew LetsEncrypt certificates for NGINX on CentOS 7

Where traditional SSL certificates lasted for at least a year, LetsEncrypt certificates last for just 90 days.  As such, it makes sense to set up automatic renewal so you don’t need to do this manually.

We’re assuming you already have your SSL certificate(s) installed through certbot, on NGINX.

First, so we don’t get trapped in vim forever, we’ll set nano as our default editor:

[root@server ~] export VISUAL=nano

Now, let’s edit the crontab file:

[root@server ~] crontab -e

Add the following line to the bottom of the file:

30 5 * * * certbot renew --post-hook "systemctl reload nginx"

You’re free to edit the numbers at the beginning; these dictate when the script will run.  In the above example it’ll run at 05:30, every day, every month, on every day of the week.  It’s recommended to run the script daily, as it’ll only actually request a new certificate once yours are close to expiry.

Press Ctrl+O to save and Ctrl+X to exit.

As NGINX will only recognise a new certificate after a reload, we’ve also included the reload in the cron entry.  You can check that the entry has been saved by running:

[root@server ~] crontab -l

Cron should automatically pick up any changes, according to its man page – but this doesn’t always seem to be the case.  To be safe, just run the following:

[root@server ~] service crond reload

That’s all there is to it – your certificates will now renew indefinitely.
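
To catch the case where the cron job quietly stops working, the following added example (not part of the original post) reports how many days a certificate has left and flags it once it is past the point where certbot should already have renewed it. It assumes GNU date and openssl are installed and that certbot renews 30 days before expiry (its default for 90-day certificates); the function names, the 25-day threshold and the example.com path are chosen for this example.

```shell
#!/bin/sh
# Added example (not from the original post): detect a silently failing
# renewal cron job by checking how many days the certificate has left.

# Whole days (rounded down) between NOW_EPOCH ($2) and an openssl-style
# end date ($1) such as "Jan  1 00:00:00 2030 GMT". Requires GNU date.
days_left() {
    end_epoch=$(date -u -d "$1" +%s) || return 2
    diff=$(( end_epoch - $2 ))
    # Shell division truncates toward zero; adjust so any past date is negative.
    if [ "$diff" -lt 0 ]; then
        diff=$(( diff - 86399 ))
    fi
    echo $(( diff / 86400 ))
}

# Classify the remaining lifetime. MIN_DAYS ($2, default 25, an assumption
# of this example) sits just under the 30-day mark at which certbot renews.
renewal_status() {
    min_days=${2:-25}
    if [ "$1" -lt 0 ]; then
        echo EXPIRED
    elif [ "$1" -lt "$min_days" ]; then
        echo STALE
    else
        echo OK
    fi
}

# Read notAfter from a PEM file, print a one-line report, and return
# non-zero unless the certificate is comfortably inside its lifetime.
check_cert() {
    not_after=$(openssl x509 -enddate -noout -in "$1" | cut -d= -f2)
    [ -n "$not_after" ] || { echo "cannot read $1" >&2; return 2; }
    days=$(days_left "$not_after" "$(date +%s)") || return 2
    status=$(renewal_status "$days")
    echo "$1: $days days left ($status)"
    [ "$status" = OK ]
}

# Usage (example.com is a placeholder domain):
#   sh check-cert.sh /etc/letsencrypt/live/example.com/fullchain.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

A STALE or EXPIRED result means renewal has been failing for several days, so the output of certbot renew is the first place to look.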
