
Configuring Automatic LetsEncrypt SSL Certificate Renewal


How do you automatically renew Let’s Encrypt certbot certificates on Ubuntu? In this tutorial we schedule certbot to auto-renew Let’s Encrypt SSL certificates before they expire.

 

Renewal of certificates only happens if they are within 30 days of the expiry date.
A cron job manages the SSL auto-renew feature. A cron file is normally added automatically when Certbot is installed, and we can find it at /etc/cron.d/certbot.

In case it’s not available, we need to create it.
Let’s populate the cron file with this content:

Test environment: Ubuntu 18.04.6 LTS on an Aliyun VPS

# lsb_release -a
LSB Version:	core-9.20170808ubuntu1-noarch:security-9.20170808ubuntu1-noarch
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.6 LTS
Release:	18.04
Codename:	bionic

 

# certbot --version
certbot 2.8.0

An Ubuntu system has the following cron files and directories:

@iZnh03:/etc# ls  cron*
cron.d:
cron.daily:
cron.hourly:
cron.monthly:
cron.weekly:

 

vi /etc/cron.d/certbot

# /etc/cron.d/certbot: crontab entries for the certbot package
#
# Upstream recommends attempting renewal twice a day
#
# Eventually, this will be an opportunity to validate certificates
# haven't been revoked, etc.  Renewal will only occur if expiration
# is within 30 days.
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin

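# The job is skipped when systemd is running (/run/systemd/system exists);
# the random sleep of up to 12 hours (43200 seconds) spreads the renewal attempts.
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew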

 

crontab

certbot-renew.sh

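#!/bin/bash
# Stops nginx, runs certbot renew, then starts nginx again.
# nginx is restarted even if the renewal fails, because the script does not exit on errors.

echo "==================Certbot Renew====================="
echo "==================$(date)============================"

# List certificates and their expiry dates before the renewal attempt
sudo certbot certificates
# Stop nginx while certbot runs
service nginx stop
certbot renew
# List certificates again so the log shows whether the expiry dates changed
sudo certbot certificates
service nginx restart

echo "==================End==============================="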

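0 3 1 * * /ktt/crons/certbot-renew.sh >> /ktt/crons/certbot-renew.log 2>&1

>> ... 2>&1
2>&1 sends standard error to the same place as standard output, so both are written to certbot-renew.log;
> overwrites the file;
>> appends to the file.
The bash-only shorthand &>> is not used here: cron runs commands with /bin/sh, which is dash on Ubuntu, and dash reads the & as "run in the background", so nothing would be written to the log.

sudo crontab -e

0 3 1 * * /ktt/crons/certbot-renew.sh >> /ktt/crons/certbot-renew.log 2>&1

0 3 1 * * runs the job at 03:00 on the 1st of every month.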
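Added example (not part of the original post): how many hours of validity are left at the first monthly run that certbot would actually renew, given the 30-day rule above. It assumes a 90-day certificate lifetime, a cron clock in UTC and GNU date; the function names and sample dates are constructed.

```shell
#!/bin/sh
# Added example: margin left when the monthly job ("0 3 1 * *") finally renews.
# Assumptions: 90-day certificate lifetime, cron clock in UTC, GNU date,
# certbot renewing once fewer than 30 days remain. Sample dates are constructed.
DAY=86400

# epoch seconds (UTC) for "YYYY-MM-DD HH:MM"
epoch() { date -u -d "$1" +%s; }

# hours_left_at_renewal "YYYY-MM-DD HH:MM"   (certificate notBefore)
# Prints the hours of validity left at the first monthly run that renews.
# A negative number means the certificate expired before that run.
hours_left_at_renewal() (
    issued=$(epoch "$1")
    expiry=$(( issued + 90 * DAY ))
    y=$(date -u -d "$1" +%Y)
    m=$(date -u -d "$1" +%m); m=${m#0}
    while :; do
        run=$(epoch "$(printf '%04d-%02d-01 03:00' "$y" "$m")")
        left=$(( expiry - run ))
        # certbot skips the certificate while 30 or more days remain
        if [ "$run" -gt "$issued" ] && [ "$left" -lt $(( 30 * DAY )) ]; then
            echo $(( left / 3600 ))
            break
        fi
        m=$(( m + 1 ))
        if [ "$m" -gt 12 ]; then m=1; y=$(( y + 1 )); fi
    done
)

for nb in "2024-08-01 03:00" "2025-02-01 03:00" "2024-05-02 12:00"; do
    printf 'notBefore %s -> %s hours left at renewal\n' "$nb" "$(hours_left_at_renewal "$nb")"
done
```

The 2025-02-01 case renews with only 24 hours to spare and the 2024-05-02 case misses the window entirely, so a single failed monthly run can mean an expired certificate. Running the job daily or twice a day, as the packaged cron file does, keeps the margin close to 30 days.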

 

Useful links

crontab syntax and format (rules for scheduling jobs every minute, hour, day, week, month and year)

https://peakxin.blog.csdn.net/article/details/83178876