Pembaruan Otomatis Sertifikat Lets Encrypt Menggunakan Systemd Timer

Posted on January 18, 2019

Pakai let's encrypt? untuk banyak domain? masa iya mau mengingat-ingat satu demi satu kapan harus renew. Merepotkan, dibikin otomatis saja.

Saya pakai let's encrypt untuk berbagai domain dan sub domain, setupnya gini:

• Nginx sebagai webserver
• Certbot sebagai generator sertifikat let's encrypt

Cara renewal otomatis?

bikin service systemd

nano /etc/systemd/system/certbot-renewal.service

Isinya begini:

[Unit]
Description=Renew certificates

[Service]
Type=oneshot
ExecStart=/bin/certbot renew --post-hook "/sbin/nginx -s reload" --quiet

bikin timer systemd

nano /etc/systemd/system/certbot-renewal.timer

Isinya begini:

[Unit]
Description=Twice daily check for cert renewal

[Timer]
OnCalendar=*-*-* 06,18:09:00
Persistent=true

[Install]
WantedBy=timers.target

Enable service dan timer tadi

systemctl enable certbot-renewal.service
systemctl enable certbot-renewal.timer

start timer

systemctl start certbot-renewal.timer

cek status timer

systemctl list-timers --all

Hasilnya kira-kira begini:

NEXT                         LEFT          LAST                         PASSED  UNIT                         ACTIVATES
Fri 2019-01-18 11:23:24 WIB  2h 53min left Thu 2019-01-17 11:23:24 WIB  21h ago systemd-tmpfiles-clean.timer systemd-tmpfiles-clean.service
Fri 2019-01-18 18:09:00 WIB  9h left       n/a                          n/a     certbot-renewal.timer        certbot-renewal.service
n/a                          n/a           n/a                          n/a     systemd-readahead-done.timer systemd-readahead-done.service

3 timers listed.

Selesai. Semoga bermanfaat. Ditunggu feedback-nya.