How-To: Automatically renew Let's Encrypt certificates every 3 months

Let's Encrypt is awesome and enables everyone to use TLS free of charge. Nevertheless, one thing that will become quite tedious fairly soon is renewing the certificates every 3 months. Thankfully the renewal can be automated easily with crontab.

First we will create a shell script that will temporarily stop our service, renew the certificate using certbot and then restart the service. Type touch renew-certs.sh to create the file. The script could like the following:

cd "path/to/docker-compose.yml"
docker-compose stop
certbot renew --force-renewal
docker-compose up -d

Next up, make sure that the file is executable:

chmod +x renew-certs.sh

Lastly we use crontab to automatically trigger the script every 3 months. Type crontab -e, select the editor of your choosing and add a new line:

# This will make sure to execute our script at the first
# of each third month at 3:30am
30 3 1 */3 * sh /path/to/renew-certs.sh

That's it. Save your changes and feel free to not renew your Let's Encrypt certificate every 3 months.

P.S.: Check crontab.guru if you need help with configuring renewal times.

Show Comments