Automatically Renewing Your Certificates

Now that you have built your secure Linux server for Xojo Web 2, you might run into issues after 90 days at the latest!

Introduction

Why? Because your certificates will expire. We installed free Let’s Encrypt certificates. They are a tremendous relief, but they need renewal every 89 days at the latest.

On a side note: I got some replies that I’m not diving deeply into the topic of certificates or into how to use an editor on Linux (yes, “vim” is not the easiest one — try “nano”, for instance). The above article proved to work for a couple of people without any issues, which was the purpose. Of course, you have to do your homework, and for a deep dive into some topics, you have to learn those skills.

We are lucky these days that the installation of Let’s Encrypt certificates has become so smooth. A few years ago, it was far more complicated.

Renewing your certificates automatically

We have to ensure that our Linux server will update our certificates when needed.

There are many ways to achieve this. I personally like the following one, as it not only updates your certificates but also reloads our Nginx server, so that the server automatically continues with the renewed certificates and applies them instantly.

On Linux, we have cron jobs for such tasks. Think of cron as a task manager. Cron jobs execute tasks at the specified time interval. Log into your Linux server and type:

sudo crontab -e

If you are executing crontab for the first time, you have to specify which editor you want to use (nano is probably the best choice for many of you). Crontab is the tool to edit the “table” of all of your jobs. It comes with a detailed explanation for a reason. You can/should read it.

At the bottom of this file, please add the following line (please ensure that everything is on ONE line):

40 3 * * 0 letsencrypt renew >> /var/log/letsencrypt-renew.log && /etc/init.d/nginx reload > /dev/null 2>&1

Exit crontab, and enjoy that your certificates will now automatically renew when needed.

What is this doing? Please execute the following command (the same as in our crontab above):

sudo letsencrypt renew

You will get output similar to this:

[...]
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/YOURCERT.com.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert not yet due for renewal
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
The following certs are not due for renewal yet:
[...]

The cron job runs the same command, but from now on automatically every Sunday at 03:40 am. On top of that, it appends the command's output to the file ‘/var/log/letsencrypt-renew.log’ and then, if the renewal command exited successfully, reloads the Nginx server (this ensures that certificates that got a renewal are applied instantly).

As we don’t need any log output from the Nginx reload (Nginx already logs its own activity), we redirect all output of that command to /dev/null.

Auto-renewal of all of your Let’s Encrypt certificates is now successfully implemented!
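The crontab line above appends only the standard output of the renewal command to the log, and it reloads Nginx without checking its configuration first. The following wrapper is an added example, not part of the original article: it logs error output as well and runs "nginx -t" before reloading. The variable names, the return codes and the script path in the comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original article): wrapper for the weekly cron job.
# RENEW_CMD, TEST_CMD, RELOAD_CMD and LOG are hypothetical names chosen here;
# their defaults are the commands and log file the article uses, plus "nginx -t".
# Hypothetical crontab entry: 40 3 * * 0 /usr/local/sbin/renew-and-reload.sh --run
RENEW_CMD=${RENEW_CMD:-"letsencrypt renew"}
TEST_CMD=${TEST_CMD:-"nginx -t"}
RELOAD_CMD=${RELOAD_CMD:-"/etc/init.d/nginx reload"}
LOG=${LOG:-/var/log/letsencrypt-renew.log}

# Append one timestamped line to the log file.
log() { printf '%s %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$*" >> "$LOG"; }

# Returns 0 = renewal run OK and Nginx reloaded, 1 = renewal command failed,
# 2 = Nginx configuration invalid (no reload attempted), 3 = reload failed.
renew_and_reload() {
    log "starting: $RENEW_CMD"
    # Capture stderr too, so a failed renewal leaves a trace in the log.
    if ! $RENEW_CMD >> "$LOG" 2>&1; then
        log "ERROR: renewal command failed; web server left untouched"
        return 1
    fi
    # Validate the configuration before touching the running server.
    if ! $TEST_CMD >> "$LOG" 2>&1; then
        log "ERROR: nginx configuration test failed; not reloading"
        return 2
    fi
    if ! $RELOAD_CMD >> "$LOG" 2>&1; then
        log "ERROR: reload failed"
        return 3
    fi
    log "OK: renewal run finished, nginx reloaded"
    return 0
}

# Do the work only when called with --run, as in the crontab entry above.
if [ "${1:-}" = "--run" ]; then
    renew_and_reload
    exit $?
fi
```

A non-zero exit code from the script gives a monitoring check or the cron mail something to act on, long before a certificate actually expires.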

Alternatives

If all this Linux stuff is over your head, you can of course use Tim Parnell’s Lifeboat, which takes care of all of this for you.

And of course, Xojo Cloud is an option too.
