How to automate cerbot auto renewal for certificates on OEL7
Automating certificates renewal using snapd-cerbot instead of the old cerbot-auto which is getting deprecated.
Installing snapd on OEL7 or CentOS7
sudo yum install snapd
Once installed, the systemd unit that manages the main snap communication socket needs to be enabled:
sudo systemctl enable --now snapd.socket sudo systemctl start snapd sudo systemctl status snapd sudo ln -s /var/lib/snapd/snap /snap
Installing cerbot using snapd
sudo snap install --classic certbot
Execute the following instruction on the command line on the machine to ensure that the certbot command can be run.
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.
sudo certbot --nginx
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:
sudo certbot renew --dry-run
The command to renew certbot is installed in one of the following locations:
/etc/crontab/ /etc/cron.*/* systemctl list-timers