Renewing Let’s Encrypt certificates using a systemd timer
When deploying certificates from Let’s Encrypt, it’s advisable that you automate renewal since the certificates issued are valid for only 90 days. If you’re using Arch Linux, or another distribution that has adopted systemd, you can configure a systemd service and timer to automatically renew your certificates using the Certbot client. This approach allows you to manage the service using journalctl, and does not require that the cron job scheduler be installed.
Before setting up a systemd service, you should run sudo certbot renew --dry-run to test your renewal configuration.
Service unit file
Service unit files contain information about a process controlled and supervised by systemd.
Create a service unit file. Service units installed by the system administrator are typically stored in the /etc/systemd/system/ directory, but this may vary depending on the Linux distribution.
The above service executes the certbot renew command and restarts the httpd service after the renewal process has completed.
Timer unit file
Timer unit files contain information about a timer controlled and supervised by systemd. By default, a service with the same name as the timer is activated.
Create a timer unit file in the same directory as the service file. The configuration below will activate the service weekly, and 300 seconds after boot-up.
Using systemctl and journalctl
To start the timer:
To enable the timer to be started on boot-up:
To show status information for the timer:
To show journal entries for the timer:
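
The whole procedure described above, as one added shell example; it is not the original page's own listing. The unit name certbot-renewal, the binary paths /usr/bin/certbot and /usr/bin/systemctl, the --quiet flag and the function names write_units and install_timer are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example. Unit name and binary paths are assumptions; adjust per distribution.
UNIT=certbot-renewal

# Write the service and timer unit files into the directory given as $1.
write_units() {
    dir=$1
    cat > "$dir/$UNIT.service" <<'EOF'
[Unit]
Description=Renew Let's Encrypt certificates

[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet
# ExecStartPost runs only if ExecStart exited successfully.
ExecStartPost=/usr/bin/systemctl restart httpd.service
EOF
    cat > "$dir/$UNIT.timer" <<'EOF'
[Unit]
Description=Weekly renewal of Let's Encrypt certificates

[Timer]
# Activate the same-named service weekly, and 300 seconds after boot-up.
OnCalendar=weekly
OnBootSec=300

[Install]
WantedBy=timers.target
EOF
    # The service runs as root, so only root should be able to modify these files.
    chmod 0644 "$dir/$UNIT.service" "$dir/$UNIT.timer"
}

# Install the units and activate the timer (run as root).
install_timer() {
    write_units /etc/systemd/system
    systemctl daemon-reload             # make systemd read the new unit files
    systemctl start "$UNIT.timer"       # start the timer
    systemctl enable "$UNIT.timer"      # start the timer on boot-up
    systemctl status "$UNIT.timer"      # show status information
    journalctl -u "$UNIT.timer"         # show journal entries for the timer
}

# Act only when invoked as "sh script.sh install", so sourcing has no side effects.
if [ "${1:-}" = "install" ]; then install_timer; fi
```

Renewal output from Certbot itself is logged under the service unit, so journalctl -u certbot-renewal.service is where a failed renewal shows up.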