Tutorial: Configure SSL/TLS on Amazon Linux 2 - Amazon Elastic Compute Cloud
Configure automated certificate renewal
Certbot is designed to become an invisible, error-resistant part of your server system. By default, it generates host certificates with a short, 90-day expiration time. If you have not configured your system to call the command automatically, you must re-run the certbot command manually before expiration. This procedure shows how to automate Certbot by setting up a cron job.
To automate Certbot
1. Open the /etc/crontab file in a text editor, such as vim or nano, using sudo. Alternatively, use sudo crontab -e.

2. Add a line similar to the following and save the file.

    39 1,13 * * * root certbot renew --no-self-upgrade

   Here is an explanation of each component:

   39 1,13 * * *
       Schedules a command to be run at 01:39 and 13:39 every day. The selected values are arbitrary, but the Certbot developers suggest running the command at least twice daily. This guarantees that any certificate found to be compromised is promptly revoked and replaced.

   root
       The command runs with root permissions. This user field belongs to the /etc/crontab format; a crontab opened with sudo crontab -e has no user field, so leave root out of the line there.

   certbot renew --no-self-upgrade
       The command to be run. The renew subcommand causes Certbot to check any previously obtained certificates and to renew those that are approaching expiration. The --no-self-upgrade flag prevents Certbot from upgrading itself without your intervention.

3. Restart the cron daemon.

    [ec2-user ~]$ sudo systemctl restart crond
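The following check is an added example, not part of the original tutorial or of Certbot. It is a shell function (the name audit_certbot_cron is hypothetical) that reads /etc/crontab-format text and confirms that the renewal entry described above has root in the user field and runs at least twice a day. The run count is a lower bound taken from the hour field only, and the sample input is constructed.

```shell
#!/usr/bin/env bash
# Audit system-crontab text (five time fields, a user field, then the command)
# for a Certbot renewal job. Prints one finding per matching line and returns 0
# only if at least one entry runs as root at least twice a day.
audit_certbot_cron() {
  awk '
    /^[ \t]*#/ || !/certbot[ \t]+renew/ { next }   # comments, unrelated jobs
    {
      seen = 1
      # In /etc/crontab field 6 is the user. If it holds the command instead,
      # the line was written in per-user (crontab -e) format.
      if ($6 != "root") {
        printf "line %d: field 6 is \"%s\", not root (per-user format?)\n", NR, $6
        next
      }
      # Lower bound on daily runs, from the hour field: "*", "*/n" or a list.
      if ($2 == "*")                 runs = 24
      else if ($2 ~ /^\*\/[0-9]+$/)  { n = substr($2, 3) + 0; runs = n ? int(23 / n) + 1 : 0 }
      else                           runs = split($2, hours, ",")
      if (runs < 2) {
        printf "line %d: hour field \"%s\" gives %d run(s) per day, want 2+\n", NR, $2, runs
        next
      }
      if ($0 !~ /--no-self-upgrade/)
        printf "line %d: note: --no-self-upgrade is not set\n", NR
      printf "line %d: OK (%d runs per day as root)\n", NR, runs
      ok = 1
    }
    END {
      if (!seen) print "no certbot renew entry found"
      exit(ok ? 0 : 1)
    }
  ' "$@"
}

# Constructed sample (not from a real host): the tutorial's line, followed by
# the same job with the user field missing.
sample='39 1,13 * * * root certbot renew --no-self-upgrade
39 1,13 * * * certbot renew --no-self-upgrade'
printf '%s\n' "$sample" | audit_certbot_cron || true
```

Run it against the live file with audit_certbot_cron /etc/crontab; a non-zero exit status means no acceptable renewal entry was found.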