Hugo Part 3: Auto Renew Certificate
2025-03-20 | #Automation #HTTPS #Hugo
For servers that completely block port 80 for security requirements, we need to temporarily open port 80 when renewing Let's Encrypt certificates. Here's an automated solution using a systemd timer and the AWS CLI (assuming you have already configured it).

Create the renewal script:

```bash
#!/bin/bash
# /usr/local/bin/certbot-renew-with-sg.sh

SG_ID="sg-CAFEBABE7355608"
RULE_DESCRIPTION="Temporary HTTP for LetsEncrypt"

# Temporarily allow inbound HTTP so the Let's Encrypt challenge can reach the server.
add_sg_rule() {
    # A rule description has to be passed through --ip-permissions.
    aws ec2 authorize-security-group-ingress \
        --group-id "$SG_ID" \
        --ip-permissions "IpProtocol=tcp,FromPort=80,ToPort=80,IpRanges=[{CidrIp=0.0.0.0/0,Description=\"$RULE_DESCRIPTION\"}]"
    sleep 10  # wait for the new rule to take effect
}

# Remove the temporary HTTP rule again.
remove_sg_rule() {
    aws ec2 revoke-security-group-ingress \
        --group-id "$SG_ID" \
        --protocol tcp \
        --port 80 \
        --cidr 0.
```
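
A temporary rule like this is only safe if port 80 ends up closed again when certbot fails, the run is interrupted, or the revoke call itself errors. The sketch below is an added example, not the post's script: the function names, the `--run` switch and the `sg-PLACEHOLDER` ID are assumptions, and the rule is created without a description to keep it short.

```shell
#!/bin/sh
# Added example, not the post's script. SG_ID is a placeholder value.
SG_ID="${SG_ID:-sg-PLACEHOLDER}"
CIDR="0.0.0.0/0"

open_http() {
    aws ec2 authorize-security-group-ingress \
        --group-id "$SG_ID" --protocol tcp --port 80 --cidr "$CIDR"
}

close_http() {
    aws ec2 revoke-security-group-ingress \
        --group-id "$SG_ID" --protocol tcp --port 80 --cidr "$CIDR"
}

# Succeeds (returns 0) when an ingress rule still covers port 80, or when the
# group cannot be read: failing to verify is treated as "still open".
# Rules without a port range (protocol "all") are not counted by this query.
http_still_open() {
    count=$(aws ec2 describe-security-groups --group-ids "$SG_ID" \
        --query 'length(SecurityGroups[0].IpPermissions[?FromPort<=`80` && ToPort>=`80`])' \
        --output text) || return 0
    [ "$count" != "0" ]
}

# Open port 80, renew, then always close it again.
# Exit status: certbot's status, 2 if the rule could not be added,
# 3 if port 80 is still open afterwards.
renew_with_temp_http() {
    open_http || return 2
    trap 'close_http; exit 130' INT TERM    # interrupted mid-renewal
    renew_rc=0
    certbot renew --quiet || renew_rc=$?
    trap - INT TERM
    close_http || echo "revoke failed for $SG_ID" >&2
    if http_still_open; then
        echo "port 80 still open on $SG_ID" >&2
        return 3
    fi
    return "$renew_rc"
}

# Runs only when asked to, e.g. ExecStart=/path/to/script.sh --run
if [ "${1:-}" = "--run" ]; then
    renew_with_temp_http
fi
```

A non-zero exit status marks the systemd service as failed, so a rule that could not be revoked shows up in `systemctl --failed` and the journal.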