Automatically renew standalone certificates generated by certbot

To renew a standalone certificate that was generated by certbot you have to stop the service that is running on port 80 or 443 or it will raise this error:

sudo certbot renew

... Problem binding to port 443: Could not bind to IPv4 or IPv6...

For example if I'm running nginx, I have to stop it to renew my certificates:

sudo systemctl stop nginx

But, that means you have to do it manually while certbot already added a crontab to do it periodically. So, do this to fix:

1. Install nginx plugin for certbot

sudo apt install python-certbot-nginx2

2. Modify the crontab

sudo nano /etc/cron.d/certbot

0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(3600))' && certbot -q renew --nginx







Comments