How do I test if SSL auto-renewal works?
Run sudo certbot renew --dry-run. This simulates the renewal process without actually renewing. If it succeeds, auto-renewal is working. If it fails, check the error message common issues are port 80 not accessible or Nginx config errors.
Verify This Answer
Cross-check this information using these trusted sources:
More FAQs in Nginx SSL Certificate Renewal and Updates Let's Encrypt Auto-Renewal
Certbot sets up a systemd timer that runs 'certbot renew' twice daily. When a certificate is within 30 days of expiry, it renews automatically. Set up a deploy hook to reload Nginx: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx'. Test with certbot renew --dry-run.
Set up a deploy hook: create /etc/letsencrypt/renewal-hooks/deploy/reload-nginx.sh with 'systemctl reload nginx', make it executable. Or run 'sudo certbot renew --deploy-hook "systemctl reload nginx"'. The deploy hook runs automatically after each successful renewal.
Run 'sudo certbot certificates' to see all certificates with expiry dates. Or use 'echo | openssl s_client -connect yourdomain.com:443 | openssl x509 -noout -dates' to check a specific domain. Set up a cron job to alert when certificates are within 30 days of expiry.
Still have questions?
Browse all our FAQs or reach out to our support team
