Automatically Update SSL Certificates by Certbot


Certbot is a fully-featured client for the Let’s Encrypt CA that can automate the tasks of obtaining certificates and configuring webservers to use them.

I would like to introduce certbot for obtaining certiciates and renew the certiciates.

🐮 Tutorial Environment

In this article, I use the following linux env:

  • OS: CentOS/RHEL 7
  • Server: Nginx

If your env is different, please see official guide.

https://certbot.eff.org/all-instructions/

🎂 Installation

You should first enable EPEL repository and install Certbot

sudo yum -y install yum-utils
sudo yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

sudo yum install certbot-nginx

🚜 Automated Get Started

Running a folloing command will get a certificate and have Certbot edit your Nginx configuration automatically to serve it.

sudo certbot --nginx

👽 Automating Renewal

You can set up a cron or systemd job for renewaling certificate

30 3 * * * /usr/bin/certbot renew --quiet --webroot && /bin/systemctl reload nginx

If you are running Rails application, you should specify a root folder of the Rails app:

30 3 * * * /usr/bin/certbot renew --quiet --webroot --webroot-path /RAILS/PATH/TO && /bin/systemctl reload nginx

🎳 Special Thanks

🖥 Recommended VPS Service

VULTR provides high performance cloud compute environment for you. Vultr has 15 data-centers strategically placed around the globe, you can use a VPS with 512 MB memory for just $ 2.5 / month ($ 0.004 / hour). In addition, Vultr is up to 4 times faster than the competition, so please check it => Check Benchmark Results!!