Let’s Encrypt automatic certificate renewal

Just few lines with the configuration I use for the automatic certificate renewal.

cat cli.ini 

# This is an example of the kind of things you can do in a configuration file.
# All flags used by the client can be configured here. Run Let's Encrypt with
# "--help" to learn more about the available options.

# Use a 4096 bit RSA key instead of 2048
rsa-key-size = 4096

# Always use the staging/testing server
#server = https://acme-staging.api.letsencrypt.org/directory
email = giorgio@zarrelli.org
domains= www.zarrelli.org
text = True
agree-tos = True
authenticator = apache
renew-by-default = true
verbose = True

# Uncomment to use the standalone authenticator on port 443
# authenticator = standalone
# standalone-supported-challenges = tls-sni-01

# Uncomment to use the webroot authenticator. Replace webroot-path with the
# path to the public_html / webroot folder being served by your web server.
# authenticator = webroot
# webroot-path = /usr/share/nginx/html

And this is the content of the root crontab

@monthly /usr/sbin/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini --no-redirect

That’s all folks!

Let’s Encrypt