
Guide: Using Crontab and Shell Scripting to Automatically Update Your HTTPS Certificate

on Nov. 6, 2016, 9:03 p.m.

Setting up HTTPS on your website can be very frustrating. Between the large number of commands, configuration files, and testing, just about anything can go wrong. A few weeks ago, in Guide: Setting up an HTTPS secured Django website, I showed you how to at least get everything set up. But let's say you get the dreaded YOUR CERTIFICATE HAS EXPIRED email.

How can you prevent this from happening and come up with an automated solution? First, how would you update your certificate in a non-automated fashion? In this guide, I am using an Ubuntu 16.04 DigitalOcean server. The commands I came up with were:

service nginx stop
source /home/myproject/myprojectenv/bin/activate
/home/myproject/letsencrypt/./certbot-auto certonly --standalone -d mikejameshamm.com -d www.mikejameshamm.com
service nginx restart
shutdown -r now

Basically, you must first shut down your web server before updating your cert. With --standalone, certbot starts its own temporary web server to answer the validation request, so the update fails if Nginx is still running and holding the port. Next you must activate your virtualenv. For a Python-based website this is very important because your virtualenv has all of your Python dependencies installed separately from your standard machine libraries; a virtualenv is separate from your system in a very similar fashion to how a virtual machine is separate from your system. The next command may vary, but if your certificate comes from letsencrypt or certbot you could enter something similar to the command above. Substitute in whatever command you run to update your cert. Next we have to remember to turn our web server back on. I just decided to restart it. Finally, I like to restart my whole server because no matter how many times you restart Nginx, Gunicorn, or any other software on your server, turning it off and on always seems to fix some weird bugs.

Now that we know the required commands to update our cert, we need to figure out how to automate this. My solution was to take the commands listed above and stick them right into a shell file. I created the file update_cert.sh and populated it with the commands above. Make sure to add #!/bin/bash as the shebang line (on Ubuntu 16.04 bash is installed at /bin/bash, and cron cannot start the script if the shebang points at a path that does not exist). After your shell file is created, make sure it can be run as an executable. This can be done by entering (assuming you are a sudo user):

chmod u+x update_cert.sh

Now that we have our executable, let's set up a crontab entry to run it on a schedule. I am going to schedule this script to run once a month. You could have this run multiple times a week but it really is not necessary for a site as small as this. Because the script stops Nginx and reboots the machine, the crontab has to belong to a user who is allowed to do that, which normally means root. To open your crontab for editing, enter the following command in the terminal.

crontab -e

After crontab opens, add the following lines and substitute in the appropriate information.

@monthly /home/my_scripts/./update_cert.sh

Now we can test our script by running ./update_cert.sh in the appropriate directory. Remember, if this works correctly you should be booted off of your server and be required to log in again!

The code listed above may or may not be the "best" solution. Please be advised that this is just the way I did it. There are normally thousands of different ways to solve the same programming problem. Find an error? Let me know in the contact form below.
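An added example, not code from the original guide: a variant of update_cert.sh that checks the certificate's expiry first, so Nginx is only stopped when a renewal is actually due, and that starts Nginx again even when the renewal fails. The certificate path, the 45-day threshold and the run argument are assumptions; the certbot command is the one shown earlier in this guide.

```bash
#!/bin/bash
# Added example, not the author's script. CERT, THRESHOLD_DAYS and the "run"
# argument are assumptions; the certbot command is the one used in this guide.
CERT=${CERT:-/etc/letsencrypt/live/mikejameshamm.com/cert.pem}  # assumed certbot default path
CERTBOT=/home/myproject/letsencrypt/certbot-auto
# Must exceed the longest gap between cron runs (31 days for @monthly),
# otherwise a 90-day certificate can expire between two checks.
THRESHOLD_DAYS=${THRESHOLD_DAYS:-45}

# True when the certificate expires within $2 days. A missing or unreadable
# file also counts as "needs renewal", so the check fails safe.
needs_renewal() {
    ! openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1
}

# Stop Nginx, run the renewal command given as arguments, and start Nginx
# again whether or not the renewal worked. Returns non-zero if the renewal
# or the Nginx start failed.
renew_with_nginx_down() {
    local rc=0
    service nginx stop || return 1
    "$@" || rc=$?
    service nginx start || rc=1
    return "$rc"
}

main() {
    if ! needs_renewal "$CERT" "$THRESHOLD_DAYS"; then
        echo "certificate is valid for more than $THRESHOLD_DAYS days, nothing to do"
        return 0
    fi
    if renew_with_nginx_down "$CERTBOT" certonly --standalone \
            -d mikejameshamm.com -d www.mikejameshamm.com; then
        echo "certificate renewed"
    else
        # Output from a cron job is mailed to the crontab owner when mail is set up.
        echo "renewal FAILED, nginx restarted with the old certificate" >&2
        return 1
    fi
}

# Only act when called as: update_cert.sh run  (keeps the functions sourceable)
if [ "${1:-}" = "run" ]; then
    main
fi
```

With this variant the crontab line ends in update_cert.sh run. It leaves out the virtualenv activation and the final reboot from the original commands; add them to main if you rely on them.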

Contact Me

Feel free to email me feedback, suggestions, notes, or to just say hello!