How to renew a standalone Let's Encrypt cert
If you deployed Let's Encrypt SSL certificate independently with nginx (standalone), you can't renew that cert while nginx is running. The only way is to stop nginx and proceed the renewal than start nginx again. Here is a bash script that you can use as crontab (e.g. /opt/my_scripts/renew_cert.sh):
Note: the script requires ssl-cert-check package so install it using this:
sudo apt install ssl-cert-check
Set the crontab as following:
0 */12 * * * /opt/myh_scripts/renew_cert.sh > /var/log/renew_cert.log 2>&1
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #! /bin/bash | |
| ## Because this is a standalone letsencrypt cert | |
| ## We have to stop nginx before doing renewal | |
| CERT_IS_VALID=$(/usr/bin/ssl-cert-check -c /etc/letsencrypt/live/mydomain.com/fullchain.pem) | |
| VALID_STR="Valid" | |
| if [[ "$CERT_IS_VALID" =~ "$VALID_STR" ]]; | |
| then | |
| echo "Cert is valid" | |
| else | |
| echo "\n=== Cert is expired ===\n" | |
| systemctl stop nginx | |
| /usr/bin/certbot renew | |
| systemctl start nginx | |
| fi |
Note: the script requires ssl-cert-check package so install it using this:
sudo apt install ssl-cert-check
Set the crontab as following:
0 */12 * * * /opt/myh_scripts/renew_cert.sh > /var/log/renew_cert.log 2>&1
Comments
Post a Comment