Hey there! When I started hosting my Laravel apps on Ubuntu servers, I quickly realized how important it is to secure them with HTTPS. Let’s Encrypt provides free SSL certificates, but they expire every 90 days, and manually renewing them was a hassle.
That’s when I learned how to automate SSL certificate renewal using Certbot on Ubuntu. In this article, I’ll share how I set up automatic SSL renewal for my websites (like my Laravel apps) on an Ubuntu server, ensuring they stay secure without extra work.
Whether you’re using Nginx, Apache, or deploying with CI/CD, this guide is beginner-friendly and will save you time. Let’s dive in!
Here’s how I configure automatic SSL certificate renewal on Ubuntu using Let’s Encrypt and Certbot. This guide assumes you’re running Ubuntu (e.g., 22.04 LTS) and have a web server (Nginx or Apache) with a registered domain. I’ll also tie it to deploying apps like Laravel, as in my previous setups.
Certbot is the tool that manages Let’s Encrypt certificates. To install it on Ubuntu, I start by updating the system and installing the Certbot package for my web server (Nginx or Apache).
For Nginx:
sudo apt update
sudo apt install -y certbot python3-certbot-nginx
For Apache:
sudo apt update
sudo apt install -y certbot python3-certbot-apache
This installs Certbot and the plugin for your web server, which simplifies certificate management.
Before setting up auto-renewal, you need an SSL certificate. I run the Certbot command to generate one for my domain (e.g., example.com). Make sure your domain’s DNS points to your server’s IP and ports 80 and 443 are open.
For Nginx:
sudo certbot --nginx -d example.com -d www.example.com
For Apache:
sudo certbot --apache -d example.com -d www.example.com
Certbot prompts you to:
Certbot automatically configures your web server and installs the certificate. You can verify it by visiting https://example.com and checking for the padlock icon.
Good news: Certbot sets up automatic renewal by default on Ubuntu! When you install Certbot via apt, it adds a systemd timer or cron job to renew certificates before they expire (every 90 days for Let’s Encrypt). I check if it’s active with:
sudo systemctl status certbot.timer
If it’s active, you’ll see it’s enabled and running twice daily. If not, or if you want to confirm, run a dry run to test the renewal process:
sudo certbot renew --dry-run
This simulates renewal without making changes. If it succeeds without errors, your setup is ready.
If the systemd timer isn’t set up or you prefer a cron job, I add one manually. Open the crontab:
sudo crontab -e
Add this line to run renewals daily at noon (Certbot only renews certificates within 30 days of expiration):
0 12 * * * /usr/bin/certbot renew --quiet
The --quiet flag suppresses all output except errors, so cron only reports when something goes wrong. Save and exit. This ensures certificates renew automatically.
To test auto-renewal, I check the certificate’s expiry date:
sudo certbot certificates
This lists all certificates and their expiry dates. If a certificate is nearing expiration (within 30 days), Certbot renews it automatically. I also monitor emails from Let’s Encrypt for renewal alerts. If issues arise, I verify port 80/443 access and DNS settings.
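The expiry check above can be scripted so that a silently failing renewal gets noticed. This is an added example, not part of the original article; the function names, the 20-day threshold and the sample listing are assumptions, and the parser expects the "Expiry Date: ... (VALID: N days)" lines that certbot certificates prints.

```shell
#!/bin/sh
# Added example (not from the original article). Certbot renews at 30 days
# before expiry, so a certificate with fewer days left than the threshold
# (assumed default: 20) means renewal has been failing for a while.

# stale_certs [MIN_DAYS]: read `certbot certificates` output on stdin and
# print "name days_left" for every certificate that needs attention.
stale_certs() {
  awk -v min="${1:-20}" '
    /Certificate Name:/ { name = $3 }
    /Expiry Date:/ {
      if (match($0, /[(]VALID: [0-9]+ day/)) {
        days = substr($0, RSTART + 8, RLENGTH - 12) + 0
        if (days < min) print name, days
      } else {
        # "(INVALID: ...)" or "(VALID: N hour(s))": treat as 0 days left
        print name, 0
      }
    }'
}

# check_renewal [MIN_DAYS]: exit status 1 (and a message on stderr) when any
# certificate is stale, so cron or a monitoring agent can alert on it.
check_renewal() {
  stale=$(stale_certs "${1:-20}")
  [ -z "$stale" ] && return 0
  printf 'Certificates with stalled renewal:\n%s\n' "$stale" >&2
  return 1
}

# Constructed sample in the layout `certbot certificates` prints.
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2025-03-01 10:00:00+00:00 (VALID: 59 days)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2025-01-13 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2024-12-20 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

sample_output | stale_certs 20
```

On a server, feed it the real listing instead of the sample: sudo certbot certificates | check_renewal 20.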
Setting up automatic SSL certificate renewal on Ubuntu with Certbot has made my life so much easier. No more worrying about expired certificates or manual renewals—my websites, including my Laravel apps, stay secure with HTTPS. Whether you’re running Nginx, Apache, or a Dockerized Laravel app with CI/CD, this setup is straightforward and reliable.
Q: Why do Let’s Encrypt certificates expire every 90 days?
A: Let’s Encrypt uses 90-day certificates to enhance security by encouraging frequent renewals and reducing risks from compromised keys.
Q: Do I need to manually renew certificates with Certbot?
A: No, Certbot sets up auto-renewal by default via a systemd timer or cron job. You can verify it with sudo systemctl status certbot.timer.
Q: Can I use this with a Laravel app in Docker?
A: Yes! You can run Certbot on your server or include renewal commands in your CI/CD pipeline, as shown in Step 5.
Q: What if my auto-renewal fails?
A: Check the Certbot logs (/var/log/letsencrypt), ensure ports 80/443 are open, and verify DNS settings. Run sudo certbot renew --dry-run to troubleshoot.
Q: Can I use another SSL provider instead of Let’s Encrypt?
A: Yes, but providers like Sectigo or DigiCert may require different automation tools or manual renewal processes. Let’s Encrypt is free and beginner-friendly.