It seems like everyone is using cron for setting up certbot renew on Macs but I couldn't find anyone doing it with launchd. The other file in this Gist is the service file.
The documentation on the Let's Encrypt site actually recommends having it run twice a day (12 hours apart) but I've found that once a day is more than sufficient since if it fails it still has another 29 days to succeed.
For fear of people being lazy and just copy/pasting the whole thing I've
removed the Hour and Minute that my script runs at. (Change the CHANGE THIS
values) Just choose a random hour and minute of the day, avoid minute "00" just
to be kind to Let's Encrypt.
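As an added example (not the service file from this Gist), the sketch below picks a random daily slot that avoids minute 00, builds a LaunchDaemon definition for it, and checks the result before it is installed. The certbot path and the ProgramArguments layout are assumptions; only the label com.letsencrypt.renew comes from this page.

```python
import plistlib
import secrets

LABEL = "com.letsencrypt.renew"      # label used on this page
CERTBOT = "/usr/local/bin/certbot"   # assumed path; confirm with `which certbot`


def pick_schedule():
    """Random daily slot; minute 0 is excluded to stay off the top of the hour."""
    return {"Hour": secrets.randbelow(24), "Minute": 1 + secrets.randbelow(59)}


def build_plist(schedule, certbot=CERTBOT):
    """Serialize a job definition that runs `certbot renew` once a day."""
    job = {
        "Label": LABEL,
        "ProgramArguments": [certbot, "renew"],
        "StartCalendarInterval": schedule,
    }
    return plistlib.dumps(job)


def check_plist(data):
    """Return a list of problems found in a serialized job definition."""
    job = plistlib.loads(data)
    problems = []
    if job.get("Label") != LABEL:
        problems.append("Label does not match the file name")
    # launchd starts jobs with a minimal PATH, so the binary must be absolute.
    args = job.get("ProgramArguments") or []
    if not args or not str(args[0]).startswith("/"):
        problems.append("ProgramArguments[0] must be an absolute path")
    sched = job.get("StartCalendarInterval") or {}
    hour, minute = sched.get("Hour"), sched.get("Minute")
    if type(hour) is not int or not 0 <= hour <= 23:
        problems.append("Hour must be an integer 0-23")
    if type(minute) is not int or not 1 <= minute <= 59:
        problems.append("Minute must be an integer 1-59 (not 00)")
    return problems


if __name__ == "__main__":
    data = build_plist(pick_schedule())
    assert check_plist(data) == []
    print(data.decode())
```

The printed XML can be saved as com.letsencrypt.renew.plist; check_plist can also be run on an existing file's bytes after filling in the CHANGE THIS values.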
This assumes you've already got your certs and you've installed everything you
need. If you can successfully run sudo certbot renew --dry-run then you're
good to go and can continue here.
Copy the com.letsencrypt.renew.plist file into /Library/LaunchDaemons/, then:
# Ensure the correct permissions and ownership
sudo chmod 644 /Library/LaunchDaemons/com.letsencrypt.renew.plist
sudo chown root:wheel /Library/LaunchDaemons/com.letsencrypt.renew.plist
# Load and start the service as root
sudo launchctl load /Library/LaunchDaemons/com.letsencrypt.renew.plist
sudo launchctl start com.letsencrypt.renew
If it worked there should be no output. To confirm that it worked:
$ sudo launchctl list | grep -i letsencrypt
- 0 com.letsencrypt.renew