Let’s Encrypt is a SSL certificate Authority that provides free SSL certificates, as well as a client that can be used to create and renew certificates. In most cases, if you are using LAMP or LEMP stacks the client provides all functionallity needed to enable HTTPS on your website. Up to now (2016-07-19), the automatic renewal function is the only important thing that is missing in the client. If you still want to autmatically renew your certificate, and not do this by hand every 90 days, you can use the following workaround.
- Nginx or Apache2 webserver
- PHP 5.x or newer
- Ubuntu 14.04 or newer (will most likely also work on most other UNIX destributions)
- Installed and working Let’s Encrypt SSL certificate (can be obtained at https://letsencrypt.org/)
- User with sudo permissions
Automatically renew SSL certificate
Let’s Encrypt certificates are valid 90 days. I recommend to renew the certificate more frequent, because it does not cost anything, but you get a margin for error processing as advantage. Personally I renew the certificate every week, but doing it every month up to 80 days will also be sufficient.
To renew the certificate, the client provides the command
So our aim is to run this command automatically every month. After running the command it is important to restart your webserver, otherwise the changes won’t take effect. Since we are on a webserver, the easiest solution is to set up a cronjob that will run the command.
To set up a cronjob you can run the following command:
sudo crontab -e
And add the following entries:
0 0 1 * * /path/to/letsencrypt/letsencrypt-auto renew > /var/log/letsencrypt.log 5 0 1 * * /etc/init.d/nginx reload #or apache2 restart if you are on apache2
This will run the letsencrypt renew command on the 1st of every month at 12:00 a.m. (midnight), and the nginx/apache2 reload command 5 minutes later at 12:05 a.m. The five minutes time delay will be enough for the letsencrypt tool to finish the renewal (it usually takes only some seconds, but just to be safe).