Setting up Let's Encrypt certbot (ver. 0.22.0, will be upgraded to 0.23.0 at later stage) # cd /root/ # mkdir -p /root/lets-encrypt/certbot # cd /root/lets-encrypt/certbot # wget https://dl.eff.org/certbot-auto # chmod a+x certbot-auto # ./certbot-auto --apache certonly Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): IMPORTANT NOTES: - Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/HOSTNAME.DOMAIN.COM/fullchain.pem Your key file has been saved at: /etc/letsencrypt/live/HOSTNAME.DOMAIN.COM/privkey.pem Your cert will expire on 2018-07-04. To obtain a new or tweaked version of this certificate in the future, simply run certbot-auto again. To non-interactively renew *all* of your certificates, run "certbot-auto renew" /etc/letsencrypt/live/HOSTNAME.DOMAIN.COM/cert.pem /etc/letsencrypt/live/HOSTNAME.DOMAIN.COM/privkey.pem /etc/letsencrypt/live/HOSTNAME.DOMAIN.COM/chain.pem ***HOSTNAME.DOMAIN.COM = your domain's hostname Automatic renewal: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Test automatic renewal for your certificates by running this command: # ./certbot-auto renew --dry-run If it appears to be working correctly,you may get "Congratulations" notes at the end of dry-run. ++++++++++++++++++++++++++++++++++++++++++++++++++ ...... ...... Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/ns1.hawkdns.net/fullchain.pem (success) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.) ------------------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++ Set up cronjob to automatically renew: For CentOS-7: #30 1 * * * /root/lets-encrypt/certbot/certbot-auto renew --renew-hook "systemctl restart httpd" #* 0 * * * /root/scripts/dump-all-db.sh > /dev/null 2>&1 #0 0,12 * * * cd /root/lets-encrypt/certbot/ && ./certbot-auto renew --renew-hook && systemctl restart httpd 0 0,12 * * * /root/lets-encrypt/certbot/certbot-auto renew --renew-hook "systemctl restart httpd" For CentOS-6: 0 0,12 * * * /root/lets-encrypt/certbot/certbot-auto renew --renew-hook "service httpd restart"