auto-renew letsencrypt.txt

-----------------------------------------------
/etc/systemd/system/renew-letsencrypt.service :
-----------------------------------------------

[Unit]
Description=Renew Let's Encrypt certificates

[Service]
Type=oneshot
# check for renewal, only start/stop nginx if certs need to be renewed
ExecStart=/opt/letsencrypt/certbot-auto renew --standalone --pre-hook "/bin/systemctl stop nginx" --post-hook "/bin/systemctl start nginx"

---------------------------------------------
/etc/systemd/system/renew-letsencrypt.timer :
---------------------------------------------

[Unit]
Description=Daily renewal of Let's Encrypt's certificates

[Timer]
# once a day, at 2AM
OnCalendar=*-*-* 02:00:00
# Be kind to the Let's Encrypt servers: add a random delay of 0–3600 seconds
RandomizedDelaySec=3600
Persistent=true

[Install]
WantedBy=timers.target

==========================================================================

sudo systemctl daemon-reload
sudo systemctl start renew-letsencrypt.timer
sudo systemctl enable renew-letsencrypt.timer
- start and enable the timer

sudo systemctl list-timers
sudo journalctl -u renew-letsencrypt
sudo journalctl -u renew-letsencrypt --since="yesterday"
- You can verify that the timer has been started, its planned execution times, service logs