Letsencrypt.org issued SSL certificates are valid for 90 days and you will need to renew it manually to continue using the certificates.
As I am writing this, there is no automatic renewal option in the letsencrypt package so we will need to set up something to do it for us.
The command to renew letsencrypt certificate manually is:
/path/to/letsencrypt-client/letsencrypt-auto renew
in the above command, you need to replace path/to/letsencrypt-client with the actual path.
if you have followed this nodeBB letsencrypt tutorial, this command will be
/opt/letsencrypt/letsencrypt-auto renew
if your domain is not eligible for renewal you will get a message like this:
Checking for new version... Requesting root privileges to run letsencrypt... /root/.local/share/letsencrypt/bin/letsencrypt renew Processing /etc/letsencrypt/renewal/example.com.conf The following certs are not due for renewal yet: /etc/letsencrypt/live/example.com/fullchain.pem (skipped) No renewals were attempted.
What we can do to automate letsencrypt certificate renewal is to set up a cron job to do it for us at regular intervals. This cron job will periodically run the above-mentioned command to renew the SSL certificate for our domain.
To set up a cron we need to edit the crontab.
To edit crontab run following command:
sudo crontab -e
If this is the first time you are editing crontab it may ask you to select your favorite editor. Here we will select nano by typing the digit in front of it and pressing enter.
This will open the crontab file in nano.
Add the following line to the bottom of the file if you are using Nginx web server:
30 2 * * 1 /path/to/letsencrypt-client/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/nginx reload
or if you are using Apache web server add these lines:
30 2 * * 1 /path/to/letsencrypt-client/letsencrypt-auto renew >> /var/log/le-renew.log
35 2 * * 1 /etc/init.d/apache2 reload
Remember to change the /path/to/letsencrypt-client with the actual path of your letsencrypt client folder in the above lines or the renewal will fail.
save the file by pressing control+O
exit nano by pressing control+X and then enter.
You have now successfully edited the crontab.
What this cron will do is to run the letsencrypt renewal script at 2:30 am every Monday and restart the webserver at 2:35 am.
The output of the process will be saved in the log file we set up in the crontab i.e.
/var/log/le-renewal.log
You can check the log file to know what’s happening whenever this cron is running.
That’s it.