Automatic Let’s Encrypt Certificate Renewal on Bitnami
I’m handling all infra setup for tiendabonsai.net, this is a Wordpress website that I migrated from AWS LightSail to EC2 while ago, to know more about this process check this post.
When the website was running on AWS LightSail I configured HTTPS certificate using Let’s Encrypt. Apparently there is a maximum duration of 90 days per certificate, so after that you need to manually renew it unless you prepare an automatic script.
This is the email I received from
Your certificate (or certificates) for the names listed below will expire in 20 days (on 30 Apr 21 14:23 +0000). Please make sure to renew your certificate before then, or visitors to your web site will encounter errors.
We recommend renewing certificates automatically when they have a third of their total lifetime left. For Let’s Encrypt’s current 90-day certificates, that means renewing 30 days before expiration. See https://letsencrypt.org/docs/integration-guide/ for details.
For any questions or support, please visit: https://community.letsencrypt.org/ Unfortunately, we can’t provide support by email.
For details about when we send these emails, please visit: https://letsencrypt.org/docs/expiration-emails/ In particular, note that this reminder email is still sent if you’ve obtained a slightly different certificate by adding or removing names. If you’ve replaced this certificate with a newer one that covers more or fewer names than the list above, you may be able to ignore this message.
After doing an investigation and checking the official Bitnami documentation I found a cool solution to avoid having to renew the certificate every 90 days. This consists on creating an script and running it from crontab.
First I created the script:
sudo vim /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
I added the following content to it:
#!/bin/bash sudo /opt/bitnami/ctlscript.sh stop apache sudo /opt/bitnami/letsencrypt/lego --tls --email="<my-personal-email>" --domains="tiendabonsai.net" --path="/opt/bitnami/letsencrypt" renew --days 90 sudo /opt/bitnami/ctlscript.sh start apache
(Note that this setup is for Apache)
I added execution permissions:
sudo chmod +x /opt/bitnami/letsencrypt/scripts/renew-certificate.sh
Then, I edited the crontab configuration:
sudo crontab -e
And I added this line:
0 0 1 * * /opt/bitnami/letsencrypt/scripts/renew-certificate.sh 2> /dev/null
When I tried to execute the script I got an error:
Unmonitored apache Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd stopped 2021/04/10 15:15:02 Account is not registered. Use ‘run’ to register a new account. Syntax OK /opt/bitnami/apache2/scripts/ctl.sh : httpd started at port 80 Monitored apache
To fix it I did the following:
First, I stopped Apache:
sudo /opt/bitnami/ctlscript.sh stop apache
Then, I executed
lego run instruction as this:
sudo lego --tls --email="<my-personal-email>" --domains="tiendabonsai.net" --path="/opt/bitnami/letsencrypt" run
And finally, I started Apache:
sudo /opt/bitnami/ctlscript.sh start apache
With this configuration I won’t have to handle any other future renewal, I hope you find it useful.