Letsencrypt renewal

When we get a certificate from letsencrypt, it has to be renewed periodically.

The question is when do you run the renew? It is simple ( this is an command for that )

[ramk@ip-172-31-91-4 centos]# openssl x509 -noout -dates -in /etc/letsencrypt/live/vulcan.votercircle.in/cert.pem
notBefore=Feb 25 03:55:42 2021 GMT
notAfter=May 26 03:55:42 2021 GM

The command gives you the time period for the expiry and from when we can renew the cert.

Then we can set up a crontab to run. Preferably in a root user. Also make sure you create a file logs

Either run as root, or set --config-dir, --work-dir, and --logs-dir to writeable paths.

touch /var/log/letsencrypt/renew.log

0 12 * * * /usr/local/bin/certbot renew >> /var/log/letsencrypt/renew.log 2>&1