Let's Encrypt Auto-Renewal SSL Setup

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Development and maintenance of all types of websites:

Informational websites or web applications

Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators

E-commerce websites or web applications

Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers

Business process management web applications

CRM systems, ERP systems, corporate portals, production management systems, information parsers

Electronic service websites or web applications

Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services

Showing 1 of 1 servicesAll 2065 services

Let's Encrypt Auto-Renewal SSL Setup

Simple

from 4 hours to 2 business days

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

Development of a web application for FEEDME
1161
Development of an online store for the company FURNORO
1041
Development of a web application for Enviok
822
CRM development for Chasseurs
847
Website development for SBH Partners
999
Website development for Red Pear
451

Show more works

Let's Encrypt SSL Setup with Automatic Renewal

Let's Encrypt — free certificate authority issuing DV certificates valid for 90 days. Certbot automates obtaining and renewal: certificate updates without manual intervention.

Certbot Installation

# Ubuntu/Debian
apt install certbot python3-certbot-nginx

# CentOS/RHEL
dnf install certbot python3-certbot-nginx

# Snap (universal)
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot

Obtaining a Certificate

# Automatic mode — Certbot modifies nginx config
certbot --nginx -d example.ru -d www.example.ru

# Obtain certificate only (without modifying nginx)
certbot certonly --nginx -d example.ru -d www.example.ru

# Wildcard certificate (DNS challenge only)
certbot certonly --manual \
    --preferred-challenges=dns \
    -d example.ru \
    -d *.example.ru

Wildcard requires adding _acme-challenge.example.ru TXT record to DNS. Automation supported via plugins (certbot-dns-cloudflare, certbot-dns-route53).

Automatic Renewal via DNS Challenge (Cloudflare)

pip install certbot-dns-cloudflare

# /etc/letsencrypt/cloudflare.ini
dns_cloudflare_api_token = YOUR_CLOUDFLARE_API_TOKEN

certbot certonly \
    --dns-cloudflare \
    --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
    -d example.ru \
    -d *.example.ru

Automatic Renewal

Certbot adds systemd timer or cron on installation. Check:

# Check timer
systemctl list-timers | grep certbot

# Test renewal (without actual renewal)
certbot renew --dry-run

# Manual renewal
certbot renew

If hook not added automatically — add to cron:

# Crontab
0 3 * * * certbot renew --quiet --post-hook "systemctl reload nginx"

--post-hook reloads Nginx after certificate update — without it Nginx continues using old certificate.

Nginx Configuration After Certbot

# /etc/nginx/sites-available/example.ru.conf
# (certbot adds ssl_certificate and ssl_certificate_key automatically)

server {
    listen 443 ssl;
    server_name example.ru www.example.ru;

    # Added by certbot
    ssl_certificate /etc/letsencrypt/live/example.ru/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.ru/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    # Additionally
    add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload" always;
    ssl_stapling on;
    ssl_stapling_verify on;
}

Monitoring Expiration Date

# Check expiration
openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.ru/cert.pem

# Via curl
echo | openssl s_client -servername example.ru -connect example.ru:443 2>/dev/null \
    | openssl x509 -noout -dates

Monitor via Zabbix, Prometheus (blackbox_exporter), or UptimeRobot (SSL expiration check).

Timeline: 30–60 minutes for one domain with Nginx.