A few days ago, I received an email from LetsEncrypt letting me know that it was time to renew my free SSL certificates.
I tried re-running the tool in order to renew the certificates which seemed to work, but then I received this email;
staging-expiry@letsencrypt.org <staging-expiry@letsencrypt.org> Sat, Feb 20, 2016 at 10:15 PM
Hello,
[ Note: This message is from the Let’s Encrypt staging environment. It likely is not relevant to any live web site. ]
You issued a testing cert (not a live one) from Let’s Encrypt staging environment. This mail takes the place of what would normally be a renewal reminder, but instead is demonstrating delivery of renewal notices. Have a nice day!
Details:
DNS Names:
blog.cjtrowbridge.com
cjtrowbridge.com
j-ha.us
opennewsaggregator.us
Expiration Date: 02 Mar 16 03:36 +0000)
Days to Expiration: 9For any questions or support, please visit https://community.letsencrypt.
org/. Unfortunately, we can’t provide support by email.
If you are receiving this email in error, unsubscribe at [REMOVED]. (HTTP link, we know. We’re working on it!)Regards,
The Let’s Encrypt Team
It seems my attempt to use the same tool to renew was not the correct way to go about it. I went looking for tutorials online and eventually found the command letsencrypt-auto renew. It seems too easy! It took just a few seconds to renew all the certs that were going to expire.
Official Documentation suggests using the following script to automate this process;
#!/bin/sh
if ! /path/to/letsencrypt-auto renew > /var/log/letsencrypt/renew.log 2>&1 ; then
echo Automated renewal failed:
cat /var/log/letsencrypt/renew.log
exit 1
fi
apachectl graceful
I created this bash script and added it to the crontab with 0 0 * * 0 root bash /root/letsencrypt/maybe_renew.sh
Now it should be checking automatically on a weekly basis!