How to schedule Auto Renew of Lets Encrypt?

I have been using Lets Encrypt for my site certificates now for a long time and I have always had to ssh into the server and run the command to renew.

I was looking for a way to do this on a schedule so that I didn’t have to manually perform this process. I have seen several posts on the forum here about “wanting” to do this, but none that ever seemed to get it to work.

So, I tried doing it under crontab and that is where everything seems to go wrong.

It turns out that scripts running under crontab cannot execute commands that start with “sudo” because it would be allowing an automated script to take root root privileges without being monitored. I have actually run into this before when trying to automate some other system functions.

The only way I was able to get anything to run as root from crontab was to actually login as root and create the crontab entry so that the user level permissions are in fact root.

We have a similar problem with ERPNext and Lets Encrypt. In order to get the bench command “sudo bench renew-lets-encrypt” command to run, you also have to be able to stop nginx. This is where the problem exists.

Stopping and restarting nginx is a system level command requiring the sudo prefix.

Now, I have been told that root user should NEVER execute commands in bench, so I am not sure now how to get past this issue.

Has anyone else successfully automated the renewal process? If so how?

BKM

this is what I use and it works great for me but I chanced monday to sunday

renew letsencrypt certificates on 1st monday of every month and get an email if it gets executed

MAILTO="mail@example.com"
0 0 1-7 * * [ “$(date ‘+%a’)” = “Mon” ] && sudo service nginx stop && /opt/certbot-auto renew && sudo service nginx start

try it and see it works great.

the link is >> Setting up TLS SSL certificates Let's Encrypt for ERPNext sites · frappe/erpnext Wiki · GitHub

1 Like

Hi @bkm

Trust you’re doing great. So how did you eventually resolve this? Are you using root for auto renewal?

I did not resolve this issue.

I have continued using the manual method up to this point because the bench command for renewal uses python 2.7

I wanted to wait until the ERPNext dev’s finally get to the point of standardizing the system on python3. That did not happen “officially” until they closed the following github issue earlier today!!

https://github.com/frappe/bench/issues/774

Soooo… Now I will wait another few weeks when my certificates come due again and try the new again.

BKM

Okay, thanks for the update