Is this correct way to set cron for renewal of Let's Encrypt cert in Apache2 ? I use Ubuntu 16.04.

@monthly letsencrypt renew && service apache2 reload

Best Answer

Monthly isn't enough

This script should run at least weekly and preferably daily Remember that certs don't get renewed until they are close to expiration and you may have to renew your existing certs monthly again in the future

The name of the program is certbot , which was renamed from letsencrypt . If you are still using letsencrypt , you need to update to the current version.

Aside from those issues, it's about the same as my cron jobs.

43 6 * * * certbot renew --post-hook "systemctl reload nginx"

Note: in 18.04 LTS the letsencrypt package has been (finally) renamed to certbot . It now includes a systemd timer which you can enable to schedule certbot renewals, with systemctl enable certbot.timer and systemctl start certbot.timer . Ubuntu provided no way to specify hooks You'll need to set up an override for certbot.service to override ExecStart= with your desired command line, until Canonical fixes this.