Warning: this article was created more than 6 months ago. The information it contains may not be up to date.

Examples of scripts to automatically renew web certificates with Let's Encrypt

Written by Mirabellette / 13 October 2017

Hello everyone,

I know it has been a very long time since I posted an article, but life is life. ^^

Today, I wanted to share two scripts I use to renew my web certificates with Let's Encrypt. I know there is a lot of documentation about that, but it could help some of you save some time.

Generating web certificates with a specific domain name

The script reads the given file and ignores the lines which begin with # or are ----------. These symbols are used in the file to make the text easier to read. Each line is one of the domain names or subdomains I manage. I just have to add a new one to this list to be sure the certificate of this new domain name will be automatically renewed.

    #!/bin/bash
    # file : /root/certs/renew-webcert.sh
    # Renew all certificates which are in the given file

    logFile="/var/log/renew-cert.log"
    serverName=$1

    # read -r keeps backslashes literal; each line is one domain name
    while read -r c ; do
      # skip empty lines, comments (#...) and separator lines
      if [[ -n ${c} && ${c} != "#"* && ${c} != "----------" ]]; then
        echo "$c"
        echo "/opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d $c --rsa-key-size 4096 --uir --redirect" | tee -a "$logFile"
        # stdin comes from /dev/null so the client cannot consume the rest of the list
        /opt/letsencrypt/letsencrypt-auto --apache --renew-by-default -d "$c" --rsa-key-size 4096 --uir --redirect < /dev/null
      fi
    done < "$serverName"

    service apache2 restart
    echo "service apache2 restart"

    # file : /root/certs/serverName
    toto.example.org
    #titi.example.org
    ----------
    tata.example.org

To use this one, I create a cron task which runs the script every month:

    0 6 01 * * /root/certs/renew-webcert.sh /root/certs/serverName

Warning: be careful that /root/certs/renew-webcert.sh needs to be executable (chmod 700).

A single web certificate with multiple domain names

The second one is very similar to the first one. The main difference is that it creates a single certificate with multiple domain names and does not get the list file as a parameter.

    #!/bin/bash
    # file : /root/certs/renew-webcert-mirabellette.sh
    # Request a single certificate covering every domain in the list file

    logFile="/var/log/renew-cert-mirabellette.log"
    # absolute path: cron does not run the script from /root/certs
    serverName="/root/certs/server-name-mirabellette"
    # the command is built as an array so that each domain stays one argument
    cmdRenew=(/opt/letsencrypt/letsencrypt-auto --apache --rsa-key-size 4096 --uir --redirect)

    while read -r domainName ; do
      # skip empty lines, comments (#...) and separator lines
      if [[ -n ${domainName} && ${domainName} != "#"* && ${domainName} != "----------" ]]; then
        echo "$domainName"
        cmdRenew+=(-d "$domainName")
      fi
    done < "$serverName"

    # log the full command, as the first script does, then run it
    echo "${cmdRenew[*]}" | tee -a "$logFile"
    "${cmdRenew[@]}"

    service apache2 restart
    echo "service apache2 restart"

    # file : /root/certs/server-name-mirabellette
    blog.mirabellette.eu
    privatebin.mirabellette.eu
    #lufi.mirabellette.eu

To use this one, I create a cron task which runs the script every month:

    0 6 01 * * /root/certs/renew-webcert-mirabellette.sh

Warning: be careful that /root/certs/renew-webcert.sh needs to be executable (chmod 700).

Sources:

- https://letsencrypt.org/docs/rate-limits/
- https://community.letsencrypt.org/t/host-multiple-domains-with-a-single-certificate/20917/2

I hope this article gave you some ideas on how to easily manage the renewal of your web certificates.
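Both scripts above run as root from cron and hand every line of the list file to letsencrypt-auto, so it is worth checking that each entry really is a hostname before it reaches `-d`. The following is an added example, not part of the original article; the function names `is_valid_domain` and `filter_domains` and the sample entries are made up for illustration.

```bash
#!/bin/bash
# Added example, not the author's script: filter a domain list in the
# article's format so that only hostname-shaped entries reach "-d".

# One DNS label: 1-63 characters, alphanumeric at both ends.
LABEL='[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?'

# is_valid_domain NAME: succeed only for a dotted hostname (max 253 chars).
is_valid_domain() {
    [ "${#1}" -le 253 ] || return 1
    case $1 in
        *[!A-Za-z0-9.-]*) return 1 ;;  # spaces, quotes, ';', '$', newlines...
    esac
    # Each label must start with a letter or digit, so option-like
    # entries beginning with "-" never match.
    printf '%s\n' "$1" | grep -Eqx "(${LABEL}\.)+${LABEL}"
}

# filter_domains FILE: print accepted entries one per line, report the
# rest on stderr, and return 1 if anything was rejected.
filter_domains() {
    rc=0
    while read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*|----------) continue ;;  # blank, comment, separator
        esac
        if is_valid_domain "$line"; then
            printf '%s\n' "$line"
        else
            printf 'rejected entry: %s\n' "$line" >&2
            rc=1
        fi
    done < "$1"
    return "$rc"
}

# Constructed sample list (hypothetical names, not the author's file).
sample=$(mktemp)
cat > "$sample" <<'EOF'
toto.example.org
#titi.example.org
----------
--extra-flag
tata.example.org --extra-flag
tata.example.org
EOF
filter_domains "$sample" || echo "domain list contains invalid entries" >&2
rm -f "$sample"
```

The renewal loops can read from the output of `filter_domains` instead of the raw file, and the non-zero return status makes cron report a bad entry. Wildcard names are rejected by this pattern.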