Auto-renewing your Let's Encrypt certificate with scheduled tasks

Let's Encrypt certificates are really useful for custom domains -- you can get HTTPS working on your site for free. Their one downside is that the certificate only lasts for 90 days, so you need to remember to renew it.

The good news is that you can set up a scheduled task to do that all for you -- no need to put anything in your calendar. Once you've done the initial Let's Encrypt setup to get the original certificate installed, and you've confirmed that it's all working, go to the "Tasks" tab, and set up a daily task with this command:

cd ~/letsencrypt && ~/dehydrated/dehydrated --cron --domain www.yourdomain.com --out . --challenge http-01 && pa_install_webapp_letsencrypt_ssl.py www.yourdomain.com

Don't forget to replace both instances of www.yourdomain.com with your actual website's hostname.

Most days, this will fail with a message like this from the dehydrated script:

Valid till Nov 12 15:23:59 2018 GMT (Longer than 30 days). Skipping renew!

Followed by a message from the pa_install_webapp_letsencrypt_ssl.py saying something like this:

POST to set SSL details via API failed, got <Response [400]>:{"cert":["Certificate has not changed."]}

...but this is harmless. When your certificate really does have just 30 days to go, it will succeed and your certificate will be renewed, and the new one installed.

blog comments powered by Disqus

PythonAnywhere is a Python development and hosting environment that displays in your web browser and runs on our servers. They're already set up with everything you need. It's easy to use, fast, and powerful. There's even a useful free plan.

You can sign up here.