With the new
letsencrypt:auto-renew command added to my dokku-letsencrypt plugin, it is now super-easy to set up automatic certificate renewal on your host!
Here's a guide on how to configure
cron to perform a daily check and auto-renewal for your Let's Encrypt certificates. Note: I'm using the dokku-recommended Ubuntu 14.04 LTS but you should be able to make this work on other distributions, too.
Update 2016-02-21: Thanks to a hint from Morris Jobke, the process was greatly simplified.
Update 2016-05-22: Thanks to a contribution from Joël Gähwiler, the cronjob installation has now been automated in dokku-letsencrypt and a cronjob can be installed simply by running
dokku letsencrypt:cron-job --add.
Setting a crontab entry
Once we've set up
dokku-letsencrypt to manually download a certificate for our app, we can add an entry for
dokku letsencrypt:auto-renew to the crontab of the
$ sudo -u dokku crontab -e
Be sure to include an updated
MAILTO setting (so that possible failure messages will be sent to you) and
PATH definition (so the dokku commands can be found) in addition to the cron entry itself:
MAILTOfirstname.lastname@example.org PATH=/bin:/usr/bin:/usr/local/bin # m h dom mon dow command 0 1 * * * dokku letsencrypt:auto-renew &>> /var/log/dokku/letsencrypt.log
You can edit the cron schedule to renew at a different time. See
man 5 crontab for an explanation of the crontab format.
We've now set up your server to perform daily renewal checks on your certificates and renew them once they have entered their renewal grace period. You can check your certificates, when they will expire and when they will next be renewed using the
dokku letsencrypt:ls command.
By default, certificates will be renewed 30 days before they expire but you can set a different grace period using the
dokku config:set --no-restart <myapp> DOKKU_LETSENCRYPT_GRACEPERIOD=<grace period in seconds> command.