How to configure auto-update of Let’s Encrypt certificates with Nginx

Article By ivan

BIP media KB Knowledge Base Community Author

Encrypt certificates Lets encrypt free ssl for your VPS server - Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. One of the features of Let’s Encrypt is ninety-day lifetimes for certificates. There are many tutorials how to automate the procedure of updating certificates.

All of them have their pros and cons. For example you must manually create folders and files or stop web-server for several minutes... I think I found one of the simpliest ways.

The main idea is to let Let's Encrypt to start a web-server on 9999-port and configure nginx to pass a request to that back-end.

Let’s go Step By Step:

Install Let’s Encrypt

cd /opt
git clone && cd letsencrypt

Create a configuration file for nginx

Open file with your favorite text editor /etc/nginx/template/letsencrypt.conf

location ~ ^/(.well-known/acme-challenge/.*)$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Add the next line to your nginx configuration file

include template/letsencrypt.conf;

Test and restart Nginx

nginx -t
systemctl restart nginx

That's all. Run let's encrypt to get a certificate

/opt/letsencrypt/letsencrypt-auto --agree-tos --renew-by-default --standalone --standalone-supported-challenges http-01 --http-01-port 9999 --server certonly -d YOUR_DOMAIN_NAME

Schedule the task for auto-update of SSL-certificates

(weekly check)

crontab -e
#Letsencrypt autoupdate
30 1 * * 1 /opt/letsencrypt/letsencrypt-auto renew >> /dev/null 2>&1


If you want you can add a command to inform you when the certificate is updated. You can have several DOMAIN_NAMES (or SUBDOMAINS) on the server, all of them will be updated automatically.

Tags: , , , , , , ,

Spin up a VPS server in no time flat

Simple setup. Full root access. Straightforward pricing.


Leave a Reply