@jgillman
Created January 3, 2019 23:01
Automated certbot renew for Mac with launchd (launchctl)

Automatic certbot renew on a Mac

It seems like everyone is using cron for setting up certbot renew on Macs but I couldn't find anyone doing it with launchd. The other file in this Gist is the service file.

The documentation on the Let's Encrypt site actually recommends having it run twice a day (12 hours apart) but I've found that once a day is more than sufficient since if it fails it still has another 29 days to succeed.

YOU MUST EDIT THE TIMES

For fear of people being lazy and just copy/pasting the whole thing, I've removed the Hour and Minute that my script runs at (change the CHANGE THIS values). Just choose a random hour and minute of the day; avoid minute "00" just to be kind to Let's Encrypt.

Installation

This assumes you've already got your certs and you've installed everything you need. If you can successfully run sudo certbot renew --dry-run then you're good to go and can continue here.

Copy the com.letsencrypt.renew.plist file into /Library/LaunchDaemons/, then:

# Ensure the correct permissions and ownership
sudo chmod 644 /Library/LaunchDaemons/com.letsencrypt.renew.plist
sudo chown root:wheel /Library/LaunchDaemons/com.letsencrypt.renew.plist

# Load and start the service as root
sudo launchctl load /Library/LaunchDaemons/com.letsencrypt.renew.plist
sudo launchctl start com.letsencrypt.renew

If it worked there should be no output. To confirm that it worked:

$ sudo launchctl list | grep -i letsencrypt
-       0       com.letsencrypt.renew
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.letsencrypt.renew</string>
    <!-- The command to run: certbot renew -->
    <key>ProgramArguments</key>
    <array>
        <string>/usr/local/bin/certbot</string>
        <string>renew</string>
    </array>
    <!-- Log files. /tmp is world-writable, so a root-owned directory such as /var/log is a safer place for a root job's output -->
    <key>StandardErrorPath</key>
    <string>/tmp/com.letsencrypt.renew.stderr</string>
    <key>StandardOutPath</key>
    <string>/tmp/com.letsencrypt.renew.stdout</string>
    <!-- Runs once a day at Hour:Minute; replace both placeholders with plain integers -->
    <key>StartCalendarInterval</key>
    <dict>
        <key>Hour</key>
        <integer>CHANGE THIS (e.g. 4 for 4am)</integer>
        <key>Minute</key>
        <integer>CHANGE THIS (e.g. 33 for the 33rd minute of the hour)</integer>
    </dict>
</dict>
</plist>
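
The step of replacing the CHANGE THIS values with a random hour and a non-zero minute can be scripted. This is an added example, not part of the original Gist: it renders the same service file with Python's plistlib and checks a file before it is copied into /Library/LaunchDaemons/. The function names build_plist and check_plist are made up for this example.

```python
import plistlib
import secrets

LABEL = "com.letsencrypt.renew"

def build_plist(hour=None, minute=None, certbot="/usr/local/bin/certbot"):
    """Render the service file; pick a random time when none is given."""
    if hour is None:
        hour = secrets.randbelow(24)        # 0..23
    if minute is None:
        minute = 1 + secrets.randbelow(59)  # 1..59, so never minute 00
    job = {
        "Label": LABEL,
        "ProgramArguments": [certbot, "renew"],
        "StandardErrorPath": f"/tmp/{LABEL}.stderr",
        "StandardOutPath": f"/tmp/{LABEL}.stdout",
        "StartCalendarInterval": {"Hour": hour, "Minute": minute},
    }
    return plistlib.dumps(job, sort_keys=False)

def check_plist(data):
    """Return a list of problems in a service file; an empty list means OK."""
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # an unedited "CHANGE THIS" is not an integer
        return [f"does not parse as a plist: {exc}"]
    if not isinstance(job, dict):
        return ["top-level element must be a dict"]
    problems = []
    if job.get("Label") != LABEL:
        problems.append(f"Label is not {LABEL}")
    args = job.get("ProgramArguments") or []
    if not args or not str(args[0]).startswith("/"):
        problems.append("ProgramArguments[0] must be an absolute path")
    when = job.get("StartCalendarInterval") or {}
    hour, minute = when.get("Hour"), when.get("Minute")
    if not isinstance(hour, int) or not 0 <= hour <= 23:
        problems.append("Hour must be an integer from 0 to 23")
    if not isinstance(minute, int) or not 0 <= minute <= 59:
        problems.append("Minute must be an integer from 0 to 59")
    elif minute == 0:
        problems.append("Minute is 00; pick another minute")
    return problems

if __name__ == "__main__":
    data = build_plist()
    assert check_plist(data) == []
    print(data.decode())
```

Running the script prints a ready-to-use service file with a freshly chosen time; redirect it to com.letsencrypt.renew.plist and continue with the installation steps above.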