Let’s Encrypt certificates need to be renewed every three months. The Arch Wiki has good documentation on automating the renewal process with systemd.
- In
/etc/systemd/system/certbot.service:
[Unit]
Description=Let's Encrypt renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew --quiet --agree-tos
- In
/etc/systemd/system/certbot.timer:
[Unit]
Description=Daily renewal of Let's Encrypt's certificates
[Timer]
OnCalendar=daily
RandomizedDelaySec=1day
Persistent=true
[Install]
WantedBy=timers.target
- Enable and start the timer:
sudo systemctl enable certbot.timer
sudo systemctl start certbot.timer