I received several notifications recently that my Let's Encrypt certificates were coming up on their expiration date. By design, certificates created with LE are good for 90 days, which encourages automation to keep the validity of your certificates in check.
Writing a script to keep my certificates renewed was something I've been meaning to do, but hadn't needed to yet since it's been less than 90 days from when I started with Let's Encrypt. When I received the notifications, I knew it was finally time to get to work.
Due to using Nginx, I used the standalone method to generate my certificates originally. Because of this, using the standalone method was needed to request renewals of those same certs with a singular line of code:
./letsencrypt-auto certonly --standalone -d example.com -d www.example.com
It's important to note that using the code above generates a renewal for a wildcard certificate, because of the -d example.com -d www.example.com specification. Running all the domains together separated by the -d switch wouldn't have done any good either, since that would have generated a multi-domain certificate which is also not something I wanted.
The solution was to pass each renewal request to its own command string. Also, because I'm using Nginx and not Apache, stopping the Nginx service is required before a certificate renewal request can be processed, due to a port conflict. This makes service nginx stop and service nginx start necessary.
Once I recognized the requirements, creating a renewal script was fairly straightforward for my Ubuntu installation:
#!/bin/sh
cd letsencrypt &&
service nginx stop &&
./letsencrypt-auto certonly --standalone -d classicyuppie.com &&
./letsencrypt-auto certonly --standalone -d foxdesignwerx.com &&
./letsencrypt-auto certonly --standalone -d mint.classicyuppie.com &&
./letsencrypt-auto certonly --standalone -d news.classicyuppie.com &&
./letsencrypt-auto certonly --standalone -d wp.classicyuppie.com &&
service nginx start
If you're looking for a quick way to renew your certificates in one fell swoop, consider writing your own renewal script, keeping in mind the syntax needed for your system.
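An added example, not the author's script: a variant of the renewal script above that still requests one certificate per domain but starts Nginx again even when a request fails, because in an && chain a single failed renewal stops the chain before service nginx start and leaves the web server down. DOMAINS, LE_CMD and SVC_CMD are illustrative variable names; the defaults assume the script runs as root from the letsencrypt directory, as in the post.

```shell
#!/bin/sh
# Added example: per-domain renewal that never leaves nginx stopped.
# DOMAINS, LE_CMD and SVC_CMD are illustrative names (assumptions); the
# defaults reuse the commands and placeholder domains shown in the post.
DOMAINS="${DOMAINS:-example.com www.example.com}"
LE_CMD="${LE_CMD:-./letsencrypt-auto}"
SVC_CMD="${SVC_CMD:-service}"

renew_all() {
    failed=""
    # The standalone authenticator needs the web ports, so nginx must be
    # down first. If it cannot be stopped, nothing else is attempted.
    $SVC_CMD nginx stop || return 2

    for d in $DOMAINS; do
        # One invocation per domain gives one certificate per domain,
        # rather than a single certificate covering several names.
        if ! $LE_CMD certonly --standalone -d "$d"; then
            # Record the failure and keep going with the other domains.
            failed="$failed $d"
        fi
    done

    # Start nginx regardless of how the renewals went.
    $SVC_CMD nginx start || return 3

    if [ -n "$failed" ]; then
        echo "renewal failed for:$failed" >&2
        return 1
    fi
    return 0
}

# Run only when asked to, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    renew_all
fi
```

A non-zero exit status makes a failed renewal visible to cron or whatever scheduler calls the script, while the sites themselves stay up on their existing certificates.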