Automatic certbot renew on a Mac
It seems like everyone is using
cron for setting up
certbot renew on Macs
but I couldn't find anyone doing it with
launchd. The other file in this Gist
is the service file.
The documentation on the Let's Encrypt site actually recommends having it run twice a day (12 hours apart) but I've found that once a day is more than sufficient since if it fails it still has another 29 days to succeed.
YOU MUST EDIT THE TIMES
For fear of people being lazy and just copy/pasting the whole thing I've
removed the Hour and Minute that my script runs at. (Change the
values) Just choose a random hour and minute of the day, avoid minute "00" just
to be kind to Let's Encrypt.
This assumes you've already got your certs and you've installed everything you
need. If you can successfully run
sudo certbot renew --dry-run then you're
good to go and can continue here.
com.letsencrypt.renew.plist file into
# Ensure the correct permissions and ownership sudo chmod 644 /Library/LaunchDaemons/com.letsencrypt.renew.plist sudo chown root:wheel /Library/LaunchDaemons/com.letsencrypt.renew.plist # Load and start the service as root sudo launchctl load /Library/LaunchDaemons/com.letsencrypt.renew.plist sudo launchctl start com.letsencrypt.renew
If it worked there should be no output. To confirm that it worked:
$ sudo launchctl list | grep -i letsencrypt - 0 com.letsencrypt.renew