For a couple of months now, I have been delivering all my websites over HTTPS only. Certificates are issued by Let’s Encrypt and I use Certbot as a certification client (I hope that is the correct word). This works quite well, actually.
However, the certificates from Let’s Encrypt have one drawback: they expire after 90 days. Hence, you need to renew the certificate now and then. The description from the Certbot page does not work for me, as the `renew` verb of the `certbot` command would create one certificate (with many common names) for all pages served by the server. I do not want that. Every webpage shall have its own certificate.
After some tests, I figured out that you have to use the `--force-renew` and `--quiet` parameters plus the `-d` flag, which tells `certbot` which domain name should be included in the certificate. You may end up with a script like this one:
```bash
#!/bin/bash
# determine path of script; cd to this path (abort if that fails)
myPath="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
cd "$myPath" || exit 1
# update certbot to the latest version
# (-f: do not fail on the first run, when no old copy exists yet)
rm -f certbot-auto
# stop here if the download fails instead of running a missing script
wget https://dl.eff.org/certbot-auto || exit 1
chmod +x certbot-auto
# call certbot for each of the web projects you need a certificate for
./certbot-auto certonly --apache --force-renew --quiet -d holger.tk -d www.holger.tk
./certbot-auto certonly --apache --force-renew --quiet -d secondsite.tk -d www.secondsite.tk
./certbot-auto certonly --apache --force-renew --quiet -d yetanothersite.tk -d www.yetanothersite.tk
# restart Apache so it picks up the new certificates
service apache2 restart
```
You can trigger the script via cron every ten days or so:
```
0 0 */10 * * /root/scripts/certbot/renew.sh
```
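The script above reissues every certificate on each run. As an added example (not the original author's script), the variant below checks each certificate's remaining lifetime with `openssl x509 -checkend` and only calls certbot for those close to expiry. The `renew_due` and `renew_sites` helpers, the 30-day threshold and the `run` argument are assumptions of this example, as is Certbot's default layout of `/etc/letsencrypt/live/<first name>/cert.pem`.

```bash
#!/bin/bash
# Added example, not the original author's script.
# Assumptions: Certbot's default layout $LIVE_DIR/<first name>/cert.pem,
# and a 30-day threshold chosen for this example.
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"
CERTBOT="${CERTBOT:-./certbot-auto}"
THRESHOLD_DAYS="${THRESHOLD_DAYS:-30}"

# Exit status 0 = renewal due (certificate missing, unparseable, or expiring
# within $2 days); 1 = still valid beyond that.
renew_due() {
    [ -r "$1" ] || return 0
    # -checkend N succeeds only if the certificate is still valid in N seconds
    if openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# Each argument is the space-separated name list of ONE certificate.
# Prints how many certificates were renewed.
renew_sites() {
    renewed=0
    for site in "$@"; do
        first="${site%% *}"
        if renew_due "$LIVE_DIR/$first/cert.pem" "$THRESHOLD_DAYS"; then
            args=""
            for name in $site; do args="$args -d $name"; done
            # $args is deliberately unquoted so it splits into separate options
            if "$CERTBOT" certonly --apache --force-renew --quiet $args >&2; then
                renewed=$(( renewed + 1 ))
            fi
        fi
    done
    echo "$renewed"
}

# Runs only when invoked as "renew.sh run", so the functions can also be sourced.
if [ "${1:-}" = "run" ]; then
    count="$(renew_sites "holger.tk www.holger.tk" "secondsite.tk www.secondsite.tk" \
                         "yetanothersite.tk www.yetanothersite.tk")"
    # restart Apache only if at least one certificate actually changed
    if [ "$count" -gt 0 ]; then service apache2 restart; fi
fi
```

A certificate that is missing or cannot be parsed counts as due, so a first issuance or a damaged file still triggers a certbot call.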