How to set Let Encrypt to Automatic Renewal

Friends,Kindly help,my production server is due for renewal of the Let Encrypt.Please guide on how to renew the certificate automatically.I have done the $ sudo crontab -e and copied this detailed # renew letsencrypt certificates on 1st monday of every month and get an email if it gets executed
MAILTO="mail@example.com"
0 0 1-7 * * [ “$(date ‘+%a’)” = “Mon” ] && sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start
into the nano and change the Mailto to my email and saved.There is no mail from them to show that i have renewed .Can the above steps worked for me.And my license is expiring tomorrow
Kindly guide please

2 Likes

I think your basic plan is sound but obviously there is an issue with the syntax somewhere.

To update your certs fir tomorrow I would for now just run

/opt/certbot-auto renew

and check the output. There is a forum post I followed on discuss that worked fine for me.

As usual do check that you are using the correct user and that they have suitable permissions for the certbot-auto script to run fully

Julian

Sorry,when i ran from a user thatt has sudo right ,it was bashed and said access denied.When i ran from the main root user,it was the same thing.Kindly share the link that worked for you

Running this command with sudo should work.

Have you checked that the file has executable permissions

Or do a ls -l in /opt

And check that your user has X in the list

Or try

sudo chmod ug+x certbot-auto

From /opt to add executable permissions to this file

@Julian_Robbins This is the result of using sudo /opt/certbot-auto renew Attempting to renew cert (www.oluk.com) from /etc/letsencrypt/renewal
/www.oluk.com.conf produced an unexpected error: Problem binding to p
ort 443: Could not bind to IPv4 or IPv6… Skipping.
All renewal attempts failed. The following certs could not be renewed:
** /etc/letsencrypt/live/www.oluk.com/fullchain.pem (failure)**
--------------------------------------------------------------------------
-----
All renewal attempts failed. The following certs could not be renewed:
** /etc/letsencrypt/live/www.oluk.com/fullchain.pem (failure)**
--------------------------------------------------------------------------
-----
1 renew failure(s), 0 parse failure(s)
What do i do next. .Thanks

Hi all sudo bench renew-lets-encrypt does the renewal.Thank all

6 Likes

Pleased you got this working. I think the renew switch is a new one so I will make a note of this tok

How can we automate this command?

I’m looking at how to do it with crontab.

For now I renew manually every 3 months. We will appreciate any member who can automate it.

sudo bench renew-lets-encrypt didn’t work for me on ERPNext V13.

I get this when I run the bench command:

Running this will stop the nginx service temporarily causing your sites to go offline
Do you want to continue? [y/N]: y
Setting Up cron job to Renew lets-encrypt every month
$ sudo systemctl stop nginx
$ /opt/certbot-auto renew
Skipping bootstrap because certbot-auto is deprecated on this system.
Your system is not supported by certbot-auto anymore.
Certbot cannot be installed.
Please visit https://certbot.eff.org/ to check for other alternatives.
$ sudo systemctl start nginx

So I had to use the command on cerbot website sudo certbot renew. However, you need to stop nginx to free port 80.

Here’s a simple command to stop Nginx, renew lets encrypt certificate and start Nginx.

sudo systemctl stop nginx && sudo certbot renew && sudo systemctl start nginx
5 Likes