
Bash Script to Automatically Renew and Reload SSL Certificates


Gift Balogun · 5 min read

Keeping your website secure isn’t optional anymore. Users expect it, browsers enforce it, and search engines reward it. SSL certificates are a core part of that security, but managing them manually can quickly become a headache, especially when they expire every 90 days.

If you’ve ever had a site go down or show a "Not Secure" warning because of an expired certificate, you know how frustrating it can be.

The good news is that you can automate the entire process. In this post, you’ll learn how to use a simple Bash script to automatically renew your SSL certificates and reload your web server without any downtime.

Why Automating SSL Renewal Matters

Let’s start with the obvious. SSL certificates expire. If you’re using Let’s Encrypt, they typically last 90 days. That’s great for security, but it means you need a reliable renewal process.

Manual renewal comes with risks:

  • You forget to renew on time
  • You renew but forget to reload your server
  • Your site goes offline unexpectedly

Automation solves all of this. Once set up, your system quietly handles renewals in the background.

You get:

  • Continuous HTTPS protection
  • Zero manual effort
  • No surprise outages

What This Script Does

The Bash script we’re working with handles three main tasks:

  1. Renews SSL certificates using Certbot
  2. Checks if renewal was successful
  3. Reloads your web server (like Nginx or Apache) to apply changes

It’s simple, efficient, and reliable.

The Bash Script

Here’s a clean version of the script:

#!/bin/bash

LOG_FILE="/var/log/ssl_renewal.log"
# Timestamp is taken once, so every line logged by this run shares it
DATE=$(date '+%Y-%m-%d %H:%M:%S')

echo "[$DATE] Starting SSL renewal process..." >> "$LOG_FILE"

# Renew certificates
certbot renew --quiet

# Check if renewal was successful
if [ $? -eq 0 ]; then
    echo "[$DATE] SSL certificates renewed successfully." >> "$LOG_FILE"

    # Reload web server
    systemctl reload nginx

    if [ $? -eq 0 ]; then
        echo "[$DATE] Nginx reloaded successfully." >> "$LOG_FILE"
    else
        echo "[$DATE] Failed to reload Nginx." >> "$LOG_FILE"
    fi
else
    echo "[$DATE] SSL renewal failed." >> "$LOG_FILE"
fi

Breaking It Down

If you’re not deeply familiar with Bash, here’s what’s happening in plain terms.

Logging Activity

The script logs everything to a file:

LOG_FILE="/var/log/ssl_renewal.log"

This is useful for troubleshooting. If something goes wrong, you can check the log.

Running Certbot

certbot renew --quiet

This command attempts to renew any certificates that are close to expiration. The --quiet flag keeps things clean unless there’s an error.

Checking Success

if [ $? -eq 0 ]; then

This checks whether the previous command worked. A return value of 0 means success.

Reloading the Server

systemctl reload nginx

This applies the new certificates without restarting the server, which means no downtime.

If you’re using Apache instead, you’d replace that with:

systemctl reload apache2

Automating with Cron

The script is only useful if it runs automatically. That’s where cron jobs come in.

Open your crontab:

crontab -e

Add this line to run the script daily at 2:30 AM:

30 2 * * * /path/to/your/script.sh

Make sure your script is executable:

chmod +x /path/to/your/script.sh

That’s it. Your server now handles SSL renewal on its own.

Best Practices for SSL Automation

To keep things running smoothly, follow a few simple guidelines:

1. Test your setup. Run the script manually before relying on automation:

./script.sh

2. Use staging mode first. If you’re testing renewal logic:

certbot renew --dry-run

3. Monitor logs. Check your log file occasionally:

cat /var/log/ssl_renewal.log

4. Set up alerts (optional). For production systems, consider email alerts if renewal fails.
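
For the log monitoring and failure alerts in items 3 and 4, here is one way to turn the log into a pass/fail signal (an added example, not part of the original script). It scans the log format written by the script above for failure lines and also flags the case where no run was logged at all, which is what a missing or broken cron job looks like. The function names, the --check switch and the sample log lines are constructed for illustration, and the cron-style call assumes GNU date.

```bash
#!/bin/bash
# Added example, not the post's script: health check over the renewal log.
# Assumes the "[YYYY-MM-DD HH:MM:SS] message" lines written by the script above.

# check_renewal_log LOGFILE CUTOFF   (CUTOFF as "YYYY-MM-DD HH:MM:SS")
# Prints a one-line verdict. Returns 0 = healthy, 1 = failure logged since
# CUTOFF, 2 = no run since CUTOFF (cron job missing or log unreadable).
check_renewal_log() {
    [ -r "$1" ] || { echo "STALE: cannot read $1"; return 2; }
    awk -v cutoff="$2" '
        substr($0, 1, 1) != "[" { next }        # skip lines without a timestamp
        { ts = substr($0, 2, 19) }              # this format sorts as plain text
        ts < cutoff { next }                    # older than the window
        /Starting SSL renewal process/ { runs++ }
        /SSL renewal failed|Failed to reload/ { fails++; last = $0 }
        END {
            if (fails) { print "FAIL: " last; exit 1 }
            if (!runs) { print "STALE: no renewal run since " cutoff; exit 2 }
            print "OK: " runs " run(s), no failures since " cutoff
        }' "$1"
}

# Constructed sample log (not real output): one clean run, then a failed reload.
write_sample_log() {
    cat > "$1" <<'EOF'
[2025-03-01 02:30:00] Starting SSL renewal process...
[2025-03-01 02:30:00] SSL certificates renewed successfully.
[2025-03-01 02:30:00] Nginx reloaded successfully.
[2025-03-02 02:30:00] Starting SSL renewal process...
[2025-03-02 02:30:00] SSL certificates renewed successfully.
[2025-03-02 02:30:00] Failed to reload Nginx.
EOF
}

# Cron-style use (GNU date assumed for -d): a non-zero exit means "send an alert".
if [ "${1:-}" = "--check" ]; then
    check_renewal_log /var/log/ssl_renewal.log \
        "$(date -d '2 days ago' '+%Y-%m-%d %H:%M:%S')"
fi
```

Run it from a second cron entry a few hours after the renewal job and feed a non-zero exit into whatever alerting you already use.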

Common Issues to Watch For

Even with automation, things can go wrong. Here are a few common problems:

  • Port 80/443 blocked: Certbot needs access for validation
  • Incorrect domain configuration
  • Server reload failures due to config errors

If renewal fails, the logs will usually point you in the right direction.
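
Because certbot renew also exits 0 when no certificate was due, the script above reloads Nginx on every run. The added example below (not the post's own code) moves the reload into a Certbot deploy hook, which runs only after an actual renewal, and tests the configuration with nginx -t first so that a config error lands in the log by name. safe_reload, log and the hook path are names chosen for this example; RENEWED_DOMAINS is set by Certbot for deploy hooks.

```bash
#!/bin/bash
# Added example, not the post's script: reload step for use as a Certbot deploy hook.
# Register it with:  certbot renew --quiet --deploy-hook /path/to/reload-hook.sh
# (the hook path is a placeholder)
LOG_FILE="${LOG_FILE:-/var/log/ssl_renewal.log}"

# Same log format as the main script, but with a fresh timestamp per line.
log() { echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" >> "$LOG_FILE"; }

# Test the Nginx configuration, then reload.
# Returns 0 = reloaded, 1 = config test failed (no reload attempted),
#         2 = config was valid but the reload itself failed.
safe_reload() {
    if ! test_out=$(nginx -t 2>&1); then
        # Keep the reason in the log, flattened onto one line.
        log "Nginx config test failed, reload skipped: $(echo "$test_out" | tr '\n' ' ')"
        return 1
    fi
    if ! systemctl reload nginx; then
        log "Failed to reload Nginx."
        return 2
    fi
    log "Nginx reloaded successfully."
    return 0
}

# Certbot sets RENEWED_DOMAINS when it calls a deploy hook, so this part
# only runs when a certificate was actually renewed.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    log "Certificate renewed for: $RENEWED_DOMAINS"
    safe_reload
fi
```

For Apache, the equivalent pre-check is apachectl configtest followed by systemctl reload apache2.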

SEO Benefits of SSL (Yes, It Matters)

Beyond security, SSL certificates also affect your search rankings, which is worth keeping in mind as a developer.

Google uses HTTPS as a ranking signal. Sites without SSL may:

  • Rank lower in search results
  • Show "Not Secure" warnings in browsers
  • Lose user trust

Automating SSL renewal helps maintain both your security and your SEO performance.

Final Thoughts

Automating SSL certificate renewal with a Bash script is one of those small improvements that pays off constantly. It saves time, prevents downtime, and keeps your site secure without ongoing effort.

Once you set it up, you can forget about expiration dates and focus on what actually matters, like building and growing your site.

If you manage multiple servers or websites, this approach becomes even more valuable.


If you found this helpful, consider sharing it with someone who manages servers or websites. It might save them from their next "certificate expired" panic.