How to setup cron job for automatic Let's Encrypt renewal?

Better Stack Team
Updated on May 4, 2022

Cron is a command-line job scheduler on Unix-like systems. It allows you to run automated tasks in the background and it's especially useful for repetitive jobs.

That means it's a great tool for automatic renewal of the Let's Encrypt certificate.

In this quick tutorial, we will take a look at how to use cron to automatically renew let's encrypt certificate.

How to renew Let's Encrypt using cron?

Let's Encrypt needs to be renewed at least weekly preferably daily. Longer time periods may cause the certificate to be already expired when renewing. Official documentation recommends running the script twice a day.

The program used for renewing Let's Encrypt is called certbot. You can install certbot using the following command:

sudo apt install certbot

Then open your crontab as shown below:

crontab -e

In the crontab file, add the following line:

0  0,12 *  *  * certbot renew --post-hook "systemctl reload nginx"

This will renew Let's encrypt twice a day at midnight and midday. The second part of the command which is highlighted is used to restart the Nginx web server after renewal. If you are using Apache, change the highlighted part to service apache2 reload.

Got an article suggestion? Let us know
Explore more
Licensed under CC-BY-NC-SA

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

We are hiring.

Software is our way of making the world a tiny bit better. We build tools for the makers of tomorrow.

Explore all positions →

Reliability is the
ultimate feature

Delightful observability tools that turn your logs & monitoring into a secret weapon for shipping better software faster.

Explore Better Stack