Automating Let's Encrypt certificate renewal

I think Let's Encrypt is great; it's the way forward to a safer web, free of cleartext transmissions. Hopefully the companies that have, until today, monopolized the highly expensive SSL certificate market will take a huge blow seeing that Let's Encrypt can stroll right in and offer the same DV certificates for free.

I've seen a large number of people complaining about having to stop their web servers to run the SimpleHTTPServer to verify domain ownership. These people didn't read the documentation that shows that one of the plugins (called webroot) allows you to specify the web root of the domain(s) you are trying to validate, allowing you to keep your current web server running. Note: both domains must have the same web root.

I've found the graphical interface to all of this quite confusing, and have found a simpler way involving a configuration file for each domain: [].ini (Example: ). This means that the certificate can be renewed at a regular interval (60 days) without human intervention.

rsa-key-size = 4096
server =
text = True
authenticator = webroot
agree-dev-preview = True
agree-tos = True
renew-by-default = True
email =
webroot-path = /home/cuonic/

What you need to change: email, webroot-path and domain. The server value will need to be changed when Let's Encrypt leaves the beta stage.

When that's done and saved, time to renew that certificate:

sudo letsencrypt -c [].ini -d [] -d [] auth (Example: sudo letsencrypt -c -d -d auth)

You should get the following output:

- Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/[]/fullchain.pem. Your cert will
expire on [date]. To obtain a new version of the certificate in
the future, simply run Let's Encrypt again.

Now you can add a cronjob to do all of this automagically every 60 days:

sudo su -
crontab -e
0 0 1 */2 * /usr/bin/letsencrypt -c /path/to/config/[].ini -d [] -d [] auth

I didn't add >/dev/null 2>&1 so that I receive an email whenever this is executed (I don't mind an email every 2 months, it's a bit more annoying for cronjobs executed every minute), that way I know whether the process succeeded or not.
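
Besides reading the cron mail, the renewal can be followed by a check that the certificate on disk really has enough validity left, so a silent failure shows up as a non-zero exit status. This is an added example, not part of the original post or of the Let's Encrypt client; the function name cert_margin_ok, the script name and the 20-day threshold are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: check how much validity a certificate file has left.

# cert_margin_ok PEM_FILE MIN_DAYS
#   returns 0 if the certificate is valid for more than MIN_DAYS days,
#           1 if it expires within MIN_DAYS days (or has already expired),
#           2 if the file is missing or is not a parseable certificate.
cert_margin_ok() {
    pem=$1
    min_days=$2

    if [ ! -r "$pem" ]; then
        echo "cert check: cannot read $pem" >&2
        return 2
    fi
    # Parse first: -checkend alone also exits non-zero on unparseable input,
    # which would be indistinguishable from "about to expire".
    if ! openssl x509 -in "$pem" -noout >/dev/null 2>&1; then
        echo "cert check: $pem is not a valid PEM certificate" >&2
        return 2
    fi
    # -checkend N exits 0 only if the certificate is still valid N seconds from now.
    if openssl x509 -in "$pem" -noout -checkend "$((min_days * 86400))" >/dev/null; then
        return 0
    fi
    echo "cert check: $pem expires within $min_days days:" \
         "$(openssl x509 -in "$pem" -noout -enddate)" >&2
    return 1
}

# Stand-alone use: sh check_cert.sh /path/to/fullchain.pem [min_days]
# (script name and the 20-day default are assumptions of this example)
if [ -n "${1:-}" ]; then
    cert_margin_ok "$1" "${2:-20}"
    exit $?
fi
```

Run it against /etc/letsencrypt/live/[]/fullchain.pem after the renewal command; openssl reads the first certificate in that file, which is the one issued for the domain.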