Prerequisites
Before setting up auto-renewal, make sure you have:
- Let's Encrypt SSL already installed
- Admin access to HestiaCP
HestiaCP Auto-Renewal System
HestiaCP automatically attempts to renew Let's Encrypt certificates every 24 hours via a cron job.
Check Auto-Renewal Cron Job
ssh hxroot@YOUR_SERVER_IP -p 22
crontab -l | grep hestia
You should see:
0 4 * * * /usr/local/hestia/bin/v-update-letsencrypt-ssl
Manual Renewal Check
/usr/local/hestia/bin/v-update-letsencrypt-ssl
Renew Specific Domain
/usr/local/hestia/bin/v-check-letsencrypt-domain admin example.com
Check Certificate Expiry Date
echo | openssl s_client -servername example.com -connect example.com:443 2>/dev/null | openssl x509 -noout -dates
Or via browser: Click padlock → Certificate → Details.
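To catch a silently failing renewal, the expiry check above can be scripted and run on a schedule. The script below is an added example, not part of HestiaCP; the function names, the script file name and the 20-day threshold are assumptions, and it relies on GNU date as shipped with Debian/Ubuntu.

```shell
#!/bin/sh
# Added example, not HestiaCP code. Assumes GNU date (Debian/Ubuntu) and openssl.
WARN_DAYS=20   # assumed threshold: set it below the point where renewal normally happens

# Convert an openssl notAfter string ("Mar  2 00:00:00 2025 GMT") to epoch seconds.
expiry_epoch() {
    [ -n "$1" ] || return 1          # GNU date treats "" as today, so reject it
    date -u -d "$1" +%s 2>/dev/null
}

# cert_status "<notAfter>" [now_epoch] -> OK | RENEWAL_OVERDUE | EXPIRED | UNKNOWN
cert_status() {
    exp=$(expiry_epoch "$1") || { echo UNKNOWN; return 0; }
    now=${2:-$(date -u +%s)}
    left=$(( exp - now ))
    if [ "$left" -le 0 ]; then
        echo EXPIRED
    elif [ "$left" -lt $(( WARN_DAYS * 86400 )) ]; then
        echo RENEWAL_OVERDUE
    else
        echo OK
    fi
}

# The page's openssl pipeline, with -enddate so only the notAfter value is printed.
fetch_not_after() {
    echo | openssl s_client -servername "$1" -connect "$1:443" 2>/dev/null \
        | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2
}

# Print one status line per domain; return non-zero unless the status is OK.
check_domain() {
    not_after=$(fetch_not_after "$1")
    status=$(cert_status "$not_after")
    echo "$1 $status notAfter=${not_after:-none}"
    [ "$status" = OK ]
}

# Usage (file name is hypothetical): sh check-cert-expiry.sh example.com www.example.com
rc=0
for domain in "$@"; do
    check_domain "$domain" || rc=1
done
[ "$#" -eq 0 ] || exit "$rc"   # non-zero exit lets cron or monitoring raise an alert
```

A status of UNKNOWN means no certificate could be retrieved or parsed, which is worth alerting on as well.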
Troubleshooting Auto-Renewal
Renewal failed:
- Verify domain still points to your server
- Check port 80 is open
- Check logs:
tail -f /var/log/hestia/nginx-error.log
- Check if rate limit exceeded
Test renewal manually:
/usr/local/hestia/bin/v-check-letsencrypt-domain admin example.com
✅ SSL auto-renewal is configured and working.