Articles on: SSL Certificates

Configuring Automatic Renewal for Let's Encrypt Certificates

Configuring Automatic Renewal for Let's Encrypt Certificates at
Let's Encrypt is a free, automated, and open certificate authority that provides SSL/TLS certificates to secure websites. At, we recommend using Let's Encrypt certificates as they are easy to obtain and renew. However, these certificates expire every 90 days, so it's important to set up automatic renewal to avoid service disruptions.
Follow these steps to configure automatic renewal of Let's Encrypt certificates:
Install the Certbot client on your server. Certbot is the recommended tool from Let's Encrypt for obtaining and renewing certificates.
Run Certbot with the --nginx plugin to obtain your initial certificate:
Copy code
sudo certbot --nginx
Set up a cron job or systemd timer to automatically renew the certificate before it expires:
o For cron job (recommended):
 Open the crontab editor: sudo crontab -e
 Add this line to run the renewal twice per month: 0 0,12 * root certbot renew --quiet
o For systemd timer:
 Create the timer file: sudo nano /etc/systemd/system/certbot.timer
 Add the following:
Copy code
Description=Twice per month renewal of Let's Encrypt's certificates


Copy code
- Enable and start the timer:
sudo systemctl enable --now certbot.timer
Configure email notifications (optional but recommended) by adding the following line when running Certbot:
Copy code
This will send you emails when certificates are due for renewal or if there are any issues.
At, we also recommend:
o Setting up automatic HTTP->HTTPS redirection
o Enabling OCSP stapling for faster SSL connection times
o Restricting SSL protocols/ciphers for improved security
By following these steps, you can ensure your Let's Encrypt SSL/TLS certificates at are automatically renewed without any manual intervention required.

Updated on: 08/05/2024

Was this article helpful?

Share your feedback


Thank you!