Renew Let’s Encrypt SSL via systemd

I’ll assume that you are using Ubuntu 16.04 and nginx on your server, as I’ll talk about installing Certbot and then how to set up the renewal process.

To install Certbot (the simple way) you need to update your system and run the following commands:

After installing Certbot, you will need to run the following command, which will edit your nginx configuration files and do the magic:

To renew your certificate, run the following command (this is the command that we will automate):

Now that we have everything up and running, we need to configure systemd to automate the renewal process. The following is copied over from Sheogorath’s blog post but modified a bit to work with Certbot instead of the letsencrypt binary.

1- Create the renewal as a systemd service:

Inside the file add the following:

I am not going to explain everything, as the mentioned post explains all the items in detail.

2- Run the service every day:

Inside the file add the following:

To enable the timer service, we run the following command:

Finally, to run it, we run the following command:

3- Reload nginx configuration:

Even though I think the new Certbot will reload nginx automatically, we won’t lose anything by running a reload after each renewal. To do so, create a folder called letsencrypt.service.d inside /etc/systemd/system and add a small config file to it with the following commands:

Then add the following inside that nginx.conf file:

You can test everything by running the command:

And that’s it: the renewal now runs every day and tries to renew the certificate before it expires.
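The three steps above as one script, added here as an example; it is not the original post's commands or Sheogorath's unit files. The folder letsencrypt.service.d and the file nginx.conf come from the text above, while the timer name letsencrypt.timer, the path /usr/bin/certbot, the `--quiet` flag and the timer settings are assumptions.

```shell
#!/bin/sh
# Added example: writes the three unit files described above into a target directory.
# Assumed (not from the post): certbot at /usr/bin/certbot, timer name
# letsencrypt.timer, and the specific timer settings.
write_renew_units() {
    dir="$1"
    mkdir -p "$dir/letsencrypt.service.d"

    # Step 1: one-shot service that runs the renewal.
    cat > "$dir/letsencrypt.service" <<'EOF'
[Unit]
Description=Renew Let's Encrypt certificates with Certbot
After=network-online.target
Wants=network-online.target

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet
EOF

    # Step 2: timer that starts the service once a day.
    # Persistent=true catches up on a run missed while the machine was off.
    cat > "$dir/letsencrypt.timer" <<'EOF'
[Unit]
Description=Daily Let's Encrypt renewal

[Timer]
OnCalendar=daily
RandomizedDelaySec=1h
Persistent=true

[Install]
WantedBy=timers.target
EOF

    # Step 3: drop-in that reloads nginx after the renewal command succeeds.
    cat > "$dir/letsencrypt.service.d/nginx.conf" <<'EOF'
[Service]
ExecStartPost=/bin/systemctl reload nginx
EOF
}

# Generate into the directory given as the first argument, if any.
if [ "$#" -gt 0 ]; then
    write_renew_units "$1"
fi
```

Run it against a staging directory, review the generated files, then copy them to /etc/systemd/system and run `systemctl daemon-reload` before enabling the timer.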
