Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Auto renewal for Let's Encrypt Apache
# Let's Encrypt renewal script for Apache on Ubuntu/Debian
# @author Erika Heidi<>
# Usage: ./ [base-domain-name]
# More info:
if [ ! -f $config_file ] ; then
echo "[ERROR] The config file for the certificate $certdomain was not found."
exit 1;
domains=$(grep --only-matching --perl-regex "(?<=domains \= ).*" "${config_file}")
last_char=$(echo "${domains}" | awk '{print substr($0,length,1)}')
if [ "${last_char}" = "," ]; then
domains=$(echo "${domains}" |awk '{print substr($0, 1, length-1)}')
echo $domains;
if [ -z "$domain" ] ; then
echo "[ERROR] you must provide the domain name for the certificate renewal."
exit 1;
if [ ! -f $cert_file ]; then
echo "[ERROR] certificate file not found for domain $domain."
exit 1;
exp=$(date -d "`openssl x509 -in $cert_file -text -noout|grep "Not After"|cut -c 25-`" +%s)
datenow=$(date -d "now" +%s)
days_exp=$(echo \( $exp - $datenow \) / 86400 |bc)
echo "Checking expiration date for $domain..."
if [ "$days_exp" -gt "$exp_limit" ] ; then
echo "The certificate is up to date, no need for renewal ($days_exp days left)."
exit 0;
echo "The certificate for $domain is about to expire soon. Starting renewal request..."
domain_list=$( get_domain_list $domain )
"$le_path"/letsencrypt-auto certonly --apache --renew-by-default --domains "${domain_list}"
echo "Restarting Apache..."
/usr/sbin/service apache2 reload
echo "Renewal process finished for domain $domain"
exit 0;
Copy link

nikos commented Jan 10, 2016

Thanks for your script and your blog article.
To avoid any hickups of the webserver you could also go for a graceful restart, like replacing line 58 with:

apachectl -k graceful

Copy link

bmanojlovic commented Jan 23, 2016

a bit cleaned up script and removed need for some tools

Copy link

benyanke commented Jan 28, 2016

Added timestamp at the top, to make logging more clear:

Copy link

realrasengan commented Feb 27, 2016

Ubuntu 15.10 requires bc (sudo apt-get install bc)

Copy link

b-alidra commented Mar 21, 2016

@erikaheidi Thanks for your script and blog article.
Here's a combined version of @bmanojlovic and @benyanke:

Copy link

macdonjo commented Jun 21, 2016

I got [ERROR]: certificate file not found for domain but the actual error was to simply run it as sudo

Copy link

jinformatique commented Jul 19, 2016


When my cert is about to expire, I got this error:

The certificate for is about to expire soon. Starting renewal request...
Requested domain  is not a FQDN

Copy link

mickaelmonsieur commented Jul 27, 2016

@juanito003, i have the same problem... no solution ?

Copy link

kamil-maslowski commented Jul 27, 2016

@juanito003, and same here... any luck on fixing that?

Copy link

geraintp commented Aug 8, 2016

So this doesn't work anymore, by the looks of it the config_file from line 15's format has changed, and no longer contains the domain names, so the net result of the get_domain_list function is an empty string ' ' on top of that the --domains option doesn't work any more either, so line 56 that actually does the hard work wouldn't work even if it didn't have a blank where the list of domains should be..

don't really know enough about bash scripting to fix it without spending a lot of time on it, but if you take the code in line 56

"$le_path"/letsencrypt-auto certonly --apache --renew-by-default --domains "${domain_list}"

and convert it, and run the command

/etc/letsencrypt/letsencrypt-auto certonly --apache --renew-by-default -d -d

assuming /etc/letsencrypt is where you installed letsencrypt it should execute correctly, then service apache2 reload to start using the new cert.

Copy link

kbpontius commented Aug 17, 2016

I used this script for a while and found it wasn't working either. This article really helped me:

It covers starting out through settings up auto-renew, but it definitely covered all the bases for me.

Copy link

sjaanus commented May 5, 2017

How does this compare to certbot for renewal? Is this script created before certbot was around? Which is the best practice today?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment