Is there a way to auto-renew the SSL certs from Let's Encrypt before they expire?
Nick
they do not do it correctly
they do not do it correctly though, if you use nagios to check your certificate you will see that however thirdlane is renewing the cert, its not actually reissuing and will report that its still expired, even though browsers seem to be OK with it.
I changed my /etc/nginx/conf.d/https/server/ssl_cert.conf entries to
ssl_certificate /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vpbx02.pbx.bluegrass.net/privkey.pem;
now I just have to:# service nginx stop
# ./certbot-auto renew
# service nginx renew
this could easily be scripted into a cron job. If I could figure out how to get webmin to show files from DocumentRoot without authentication I could do it with the --webroot engine of certbot and not even have to stop nginx while doing it.
They auto-renew by default (at least mine do). Last time cut it kind of close though. It seemed to wait until there was only 2 days left before it renewed.