CentOS 7: Auto-renew Let’s Encrypt SSL certificates using crontab

What is Let's Encrypt?

Let's Encrypt is a certificate authority which provides free SSL certificates.

SSL certificates are small data files that digitally bind a cryptographic key to an organisation's details. When installed on a web server, a certificate activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser and vice versa.

How to install the certificate using Let's Encrypt?

You can follow the official docs or directly use Certbot to install the certificates for your server (like Apache, Nginx etc.) and OS (Linux, CentOS etc.).

What is the problem?

Let's Encrypt certificates need to be renewed every 90 days, and once configured on your server, it starts sending you emails a few weeks before the actual expiry date. This is good, but kind of annoying as well if you like to keep your mailbox clean.

So we need to manually trigger the certbot renew command on each server to renew the SSL certificates, which is OK to some extent.

Let's imagine a hypothetical scenario where you have to renew multiple SSL certificates whose expiry dates are very close. Isn't it tedious to log in to each server manually just to trigger certbot to renew your certificates?

So, can't we renew these certificates automatically? The obvious answer is, YES WE CAN!

What is the solution?

To achieve this, all we need to do is add a new crontab entry which will trigger certbot at a certain time of day to check the expiry date of your SSL certificates and take care of renewing them.

What is crontab?

The crontab is a list of commands that you want to run on a regular schedule, and also the name of the command used to manage that list. Crontab stands for "cron table", because it uses the job scheduler cron to execute tasks.

Following are the steps which I took to automate the renewal of my SSL certificate:

  1. Configure the crontab (make sure to use sudo so that the root crontab is edited; its jobs run with root privileges, which allows the certbot command to be run without sudo):

$ sudo crontab -e

  2. The above command will open the editor which you have configured on your system. Add the following lines in it:

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

0 0 */10 * * certbot renew >> /logs/certbot-cron.log 2>&1

Save your crontab, and that's all folks.

You have successfully added a new job. Now, this crontab will take care of renewing the SSL certificates before they expire, and you don't have to worry about anything.

Breaking down the command for better understanding:

Cron Expression: The first part, 0 0 */10 * *, is the cron expression, which describes each field of the schedule. For our case, we have scheduled it to trigger the command on every 10th day of a month at 00:00. You can create your own cron expression using this amazing site, crontab.guru.

Command: The second part is certbot renew, the command which is used to renew the SSL certificates.

Logging: The third part is where I am saving the generated logs for future references.

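Using 2>&1 we are redirecting stderr to wherever stdout is going, so errors end up in the same log file. The /logs directory must already exist, because the redirection will not create it.

In case you want to verify whether your certificates were renewed successfully, run the command below: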

$ sudo certbot certificates
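
To turn that manual check into something a second job or a monitoring system can run, here is an added example (not part of the original post) that reads `certbot certificates` output and lists every certificate that is expired or below a day threshold. The sample output is constructed, and the function name, the `Expiry Date: ... (VALID: N days)` layout and the 20-day threshold are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: `certbot certificates` prints "Certificate Name: <name>" and
# "Expiry Date: <date> (VALID: N days)" or "(INVALID: ...)" per certificate.

# certs_needing_attention LIMIT_DAYS  (reads certbot output on stdin)
# Prints one line per certificate that is not valid for at least LIMIT_DAYS
# and returns 1 if any line was printed, 0 otherwise.
certs_needing_attention() {
    awk -v limit="$1" '
        BEGIN { bad = 0 }
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                # Matched text is "(VALID: " + digits + " day": 8 + n + 4 chars.
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
                if (days < limit) { print name, days " days left"; bad = 1 }
            } else {
                print name, "expired, invalid or under one day left"; bad = 1
            }
        }
        END { exit bad }
    '
}

# Constructed sample input (not output from a real server).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2024-06-30 10:00:00+00:00 (VALID: 62 days)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2024-05-10 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2024-04-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# On a server: sudo certbot certificates | certs_needing_attention 20
# certbot renew acts on certificates within 30 days of expiry by default, so
# with a run every 10 days a healthy certificate should stay above ~20 days.
sample_output | certs_needing_attention 20 || echo "renewal needs attention"
```

A non-zero exit status means the cron job is not keeping up, which is the cue to read /logs/certbot-cron.log.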

That's all for now.