$sudo apt install certbot python3-certbot-apache
$sudo certbot run
$sudo crontab -e
Add:MAILTO=""
to the top of the cron script. It will disable a lot of annoying emails.
Then add this to the bottom of the script to run the renewal every 7 days:
0 5 */7 * * certbot renew --renew-hook "service restart apache2"
certbot --cert-name yourcertificatename -d site1.com -d site2.com -d site3.com
Manually renew multiple with cert only (no config file changes). This is useful if you need to add or remove a domain.
certbot certonly --cert-name yourcertificatename -d site1.com -d site2.com -d site3.com
First, follow instructions to install the certificate initially. Then:
Open crontab as admin user sudo crontab -e
Crontab will ask you to choose your editor. Nano is usually fine.
Crontab uses this pattern: {(minute) (hour) (day-of-month) (month) (day-of-week) (command)} all separated by a single space.
Add this line to the end of your crontab: * 1 10 */2 * certbot certonly --force-renewal --webroot -w /path/to/web/root -d example.com
This tells crontab to execut the certbot command at any minute after 1am, on the 10th day of the month, any 2 months, any day of the week.
The certonly
sub-command tells Certbot to simply renew the certificate and not modify the apache.conf file.
According to the Certbot documentation "If you don’t specify a requested behavior, Certbot may ask you what you intended." So to avoid asking questions in our automated process we use the --force-renewal
option.
The --webroot
option tells Certbot to use http-01 authentication type.
The -w
flag sets the path to the webroot.
And finally the -d
flag tells Certbot which domain to renew.