Monday, December 19, 2022

Auto-renew Let’s Encrypt SSL certificates using crontab

Usually we renew certificates with certbot --apache on CentOS. The problem is what to do when you have a ton of domains.

We can automate the renewal with a cron job.

To try it, run these commands first:

(base) [root@diomain ~]# certbot renew --apache
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/diomain.fr.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Certificate not yet due for renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certificates are not due for renewal yet:
  /etc/letsencrypt/live/diomain.fr/fullchain.pem expires on 2023-03-20 (skipped)
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

(base) [root@diomain ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: diomain.com
    Serial Number: 331cb1d6f8f48cf90e65992cd1c0fdc57b2
    Key Type: RSA
    Domains: diomain.fr
    Expiry Date: 2023-03-20 01:39:17+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/diomain.fr/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/diomain.fr/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


If there are no problems, you can now create the cron job with Webmin, or do it manually by running crontab -e and adding the entry below:

crontab -e

0 0 20 2,4,6,8,10,12 * certbot renew --apache

We can assume that the certificate is valid for 90 days, so we must renew it every two months.
The entry tells cron to run at minute 0, hour 0, on day 20 of months 2, 4, 6, 8, 10 and 12, on any weekday (*).
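
The schedule above can be checked by replaying it against certbot's renewal rule. The simulation below is an added example, not part of the original post; it assumes certbot's default of renewing only certificates within 30 days of expiry, models a renewed certificate as valid for 90 days from the run time, and uses function names made up for illustration.

```python
from datetime import datetime, timedelta

LIFETIME = timedelta(days=90)       # certificate validity, as stated on the page
RENEW_WINDOW = timedelta(days=30)   # assumption: certbot's default renewal window

def bimonthly_runs(start, end):
    """Run times of the page's entry: 0 0 20 2,4,6,8,10,12 *"""
    runs = [datetime(y, m, 20) for y in range(start.year, end.year + 1)
            for m in (2, 4, 6, 8, 10, 12)]
    return [r for r in runs if start < r <= end]

def daily_runs(start, end):
    """Run times of a daily entry: 0 0 * * *"""
    first = datetime(start.year, start.month, start.day) + timedelta(days=1)
    return [first + timedelta(days=i) for i in range((end - first).days + 1)]

def simulate(expiry, runs):
    """Replay `certbot renew` at each run time.

    Returns (log, lapses): log has one (run, action, days_left) tuple per run,
    lapses lists (expired_at, renewed_at) periods with no valid certificate.
    """
    log, lapses = [], []
    for run in runs:
        left = expiry - run
        if left > RENEW_WINDOW:
            log.append((run, "skipped", left.days))  # "not yet due for renewal"
            continue
        if left < timedelta(0):
            lapses.append((expiry, run))  # certificate expired before this run
        log.append((run, "renewed", left.days))
        expiry = run + LIFETIME
    return log, lapses

if __name__ == "__main__":
    # Constructed input: expiry taken from the `certbot certificates` output above.
    start, end = datetime(2022, 12, 20), datetime(2023, 12, 31)
    expiry = datetime(2023, 3, 20, 1, 39, 17)
    for name, runs in (("bimonthly", bimonthly_runs(start, end)),
                       ("daily", daily_runs(start, end))):
        log, lapses = simulate(expiry, runs)
        print(name, "renewals:", sum(a == "renewed" for _, a, _ in log))
        for expired, renewed in lapses:
            print(f"  no valid certificate {expired:%Y-%m-%d} to {renewed:%Y-%m-%d}")
```

Under these assumptions the April 20 run is skipped with 31 days left and the certificate lapses from 2023-05-21 until the June 20 run, while a daily entry such as `0 0 * * * certbot renew --apache` renews on time. Running daily is safe because certbot skips certificates that are not yet due, as the "not yet due for renewal" output above shows.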


