Auto renew LetsEncrypt certificates for NGINX on CentOS 7

No Comments

Where traditional SSL certificates lasted for at least a year, LetsEncrypt certificates last for just 90 days.  As such, it makes sense to setup automatic renewal so you don’t need to do this manually.

We’re assuming you already have your SSL certificate(s) installed through certbot, on NGINX.

First, so we don’t get trapped in vim forever, we’ll set nano as our default editor:

[root@server ~] export VISUAL=nano

Now, let’s edit the crontab file:

[root@server ~] crontab -e

Add the following line to the bottom of the file:

30 5 * * * certbot renew --post-hook "systemctl reload nginx"

You’re free to edit the numbers at the beginning, these dictate when the script will run.  In the above example it’ll run at 05:30, every day, every month, on every day of the week.  It’s recommended to run the script daily, as it’ll only actually request a new certificate once yours are close to renewal.

Ctrl+o to save and ctrl+x to exit.

As NGINX will only recognise a new certificate after a reload, we’ve also included this in the script.  You can check that this has been successful by running:

[root@server ~] crontab -l

That’s all there is to it – your certificates will now renew indefinitely.

Previous Post
Start a website in just 15 minutes

Related Posts

No results found

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.