bash 5 lines · 1 tab

TLS certificate automation with certbot and strict renewal checks

Kai Nakamura Apr 2026
1 tab
#!/usr/bin/env bash
set -euo pipefail

certbot renew --quiet --deploy-hook "systemctl reload nginx"
openssl x509 -enddate -noout -in /etc/letsencrypt/live/example.com/fullchain.pem
1 file · bash Explain with highlit

Certificate expiry outages are avoidable with boring automation and good alerting. I use automatic renewal, post-renew validation hooks, and external checks that warn well before expiry. TLS is not finished once the first certificate works.

Share this code

Here's the card — post it anywhere.

TLS certificate automation with certbot and strict renewal checks — share card
Link copied