How to renew a standalone Let's Encrypt cert

If you deployed a Let's Encrypt SSL certificate independently of nginx (standalone), you can't renew that cert while nginx is running. The only way is to stop nginx, perform the renewal, then start nginx again. Here is a bash script that you can run from cron (e.g. /opt/my_scripts/renew_cert.sh):

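#!/bin/bash
## Because this is a standalone letsencrypt cert
## We have to stop nginx before doing renewal

## ssl-cert-check prints a status report for the certificate file
CERT_IS_VALID=$(/usr/bin/ssl-cert-check -c /etc/letsencrypt/live/mydomain.com/fullchain.pem)
VALID_STR="Valid"

## Quoting the right-hand side makes this a literal substring match
if [[ "$CERT_IS_VALID" =~ "$VALID_STR" ]]; then
    echo "Cert is valid"
else
    ## printf interprets \n; plain echo would print it literally
    printf '\n=== Cert is expired ===\n\n'
    systemctl stop nginx
    /usr/bin/certbot renew
    ## nginx is started again even if certbot fails
    systemctl start nginx
fi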


Note: the script requires the ssl-cert-check package. Install it with:

sudo apt install ssl-cert-check

Set the crontab as follows:

0 */12 * * * /opt/my_scripts/renew_cert.sh > /var/log/renew_cert.log 2>&1
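
A variant of the script's check that separates "not valid" from "could not be checked", so a missing ssl-cert-check or an unreadable file does not stop nginx. This is an added example, not the original gist: the function names and DRY_RUN are hypothetical, the sample report lines are constructed, and the Expiring and Expired status words are assumed from ssl-cert-check's report format.

```shell
#!/bin/bash
# Added example, not the original gist. Function names and DRY_RUN are hypothetical.
DRY_RUN="${DRY_RUN:-1}"   # default: print the commands instead of running them

run() {
    if [ "$DRY_RUN" = "1" ]; then echo "would run: $*"; else "$@"; fi
}

# Reduce ssl-cert-check report text to one word.
# Status words Expiring/Expired are an assumption about the report format.
classify_status() {
    case "$1" in
        *Expired*)  echo expired ;;
        *Expiring*) echo expiring ;;
        *Valid*)    echo valid ;;
        *)          echo unknown ;;   # missing tool, unreadable file, empty output
    esac
}

# Stop nginx, renew, and start nginx again even if certbot fails.
renew_with_restart() {
    local rc=0
    run systemctl stop nginx || return 1
    run /usr/bin/certbot renew || rc=$?
    run systemctl start nginx || rc=$?
    return "$rc"
}

# Act on the report text; "unknown" is reported instead of being treated as expired.
handle_report() {
    case "$(classify_status "$1")" in
        valid)            echo "Cert is valid" ;;
        expiring|expired) renew_with_restart ;;
        *)                echo "Cannot determine cert status; nginx left running" >&2
                          return 2 ;;
    esac
}

# Constructed sample report lines (not captured output).
SAMPLE_VALID='FILE:/etc/letsencrypt/live/mydomain.com/fullchain.pem Valid Jan 1 2030 400'
SAMPLE_EXPIRING='FILE:/etc/letsencrypt/live/mydomain.com/fullchain.pem Expiring Jan 1 2030 12'

handle_report "$SAMPLE_VALID"
handle_report "$SAMPLE_EXPIRING"
handle_report "" || echo "exit status $? for an empty report"
```

To use it for real, pass the output of the ssl-cert-check command from the script above to handle_report and set DRY_RUN=0.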
