Renewing Let’s Encrypt certificates using a systemd timer
When deploying certificates from Let’s Encrypt, you’ll want to automate the renewal process since the certificates issued are valid for only 90 days. If you’re using Arch Linux, or another distribution that has adopted systemd, you can configure a systemd service and timer to automatically renew your certificates using the Certbot client. This approach allows you to manage the service using systemctl and journalctl, and does not require that the cron job scheduler be installed.
Before setting up a systemd service, you should run sudo certbot renew --dry-run to test your renewal configuration.
Service unit file
Service unit files contain information about a process controlled and supervised by systemd.
Create a service unit file. Service units installed by the system administrator are typically stored in the /etc/systemd/system/ directory, but this may vary depending on the Linux distribution.
/etc/systemd/system/certbot-renewal.service
The above service executes the certbot renew command and restarts the httpd service after the renewal process has completed.
Timer unit file
Timer unit files contain information about a timer controlled and supervised by systemd. By default, a service with the same name as the timer is activated.
Create a timer unit file in the same directory as the service file. The configuration below will activate the service weekly, and 300 seconds after boot-up.
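A service and timer pair matching the description in this post, written as an added example (it is not the author's original unit files). The binary paths, the Description text, and the Persistent and RandomizedDelaySec settings are assumptions that the post does not state.

```ini
# /etc/systemd/system/certbot-renewal.service
# Added example. Paths assume Arch Linux (/usr/bin); adjust for your distribution.
[Unit]
Description=Renew Let's Encrypt certificates with Certbot

[Service]
# oneshot: systemd waits for certbot to exit before running ExecStartPost
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet
# Runs only if ExecStart exited successfully. certbot also exits 0 when no
# certificate was due, so httpd restarts on every run; passing the restart
# to certbot's --deploy-hook option instead limits it to runs that actually
# renewed a certificate.
ExecStartPost=/usr/bin/systemctl restart httpd.service

# /etc/systemd/system/certbot-renewal.timer
# Same base name as the service, so this timer activates it by default.
[Unit]
Description=Weekly Certbot renewal timer

[Timer]
# Weekly, as described in the post
OnCalendar=weekly
# 300 seconds after boot-up, as described in the post
OnBootSec=300
# Assumption, not in the post: run a missed weekly activation after downtime
Persistent=true
# Assumption, not in the post: spread the start time over up to one hour
RandomizedDelaySec=1h

[Install]
WantedBy=timers.target
```

After saving both files, run sudo systemctl daemon-reload and sudo systemctl enable --now certbot-renewal.timer, then confirm the schedule with systemctl list-timers. Output from each run is available with journalctl -u certbot-renewal.service.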