Automating Certbot Renewals

I was renewing my Let’s Encrypt certificates using the cron entry below, but this was problematic, as I was turning Apache off/on with each attempt, whether or not there was a certificate update available.

42 3 * * * root /usr/sbin/apache2ctl stop; /opt/certbot-auto renew >> /var/log/certbot-auto.log; /usr/sbin/apache2ctl start;

After checking with a co-worker and reading the documentation, I found a better way to automate my Let’s Encrypt certificates.

42 3 * * * root /opt/certbot-auto renew --pre-hook "/usr/sbin/apache2ctl stop" --post-hook "/usr/sbin/apache2ctl start" >> /var/log/certbot-auto.log

Using this method, the hooks only run when a certificate is actually due for renewal, so Apache will only stop/start if a renewal is required.
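
To see ahead of time whether the next run will stop Apache, you can check the certificate expiry dates yourself. The script below is an added example, not part of the original post and not certbot's own logic: it assumes certbot's default 30-day renewal window and the default /etc/letsencrypt/live layout, and the function names are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Predicts whether the nightly
# `renew` run will attempt a renewal and therefore fire its pre/post hooks.
# Assumption: certbot's default renewal window of 30 days before expiry.
RENEW_WINDOW_DAYS=30

# cert_due PEM [DAYS]: 0 = expires within DAYS (renewal attempted, hooks run),
# 1 = not due, 2 = file missing or not a parseable certificate.
cert_due() {
    local pem="$1" days="${2:-$RENEW_WINDOW_DAYS}"
    [ -r "$pem" ] || return 2
    openssl x509 -in "$pem" -noout >/dev/null 2>&1 || return 2
    # -checkend exits 0 when the cert is still valid that many seconds from now.
    if openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# hooks_will_run LIVE_DIR [DAYS]: checks LIVE_DIR/<name>/cert.pem for every
# lineage (certbot's default LIVE_DIR is /etc/letsencrypt/live) and prints one
# status line each. Returns 0 if at least one lineage is due, 1 otherwise.
hooks_will_run() {
    local live="$1" days="${2:-$RENEW_WINDOW_DAYS}" any=1 pem rc
    for pem in "$live"/*/cert.pem; do
        [ -e "$pem" ] || continue
        rc=0
        cert_due "$pem" "$days" || rc=$?
        case "$rc" in
            0) echo "DUE        $pem"; any=0 ;;
            1) echo "not due    $pem" ;;
            *) echo "UNREADABLE $pem" ;;
        esac
    done
    return "$any"
}

# Run as a script: ./renew-preview.sh /etc/letsencrypt/live
if [ "$#" -gt 0 ]; then
    hooks_will_run "$@"
fi
```

Reading /etc/letsencrypt/live normally requires root, so run it the same way the cron job runs.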