This script provides an automated solution for renewing SSL certificates using Certbot for Node.js and Express applications. It handles domain validation, certificate retrieval, and server restart processes seamlessly.
Since Let’s Encrypt has disabled the email alerts that prompted users to manually renew their domains, and many people run Node.js + Express.js servers without win-acme for automatic renewal, I developed this simple code to facilitate automatic SSL certificate renewal on your Node.js + Express.js server.
- Automatic SSL certificate renewal for multiple domains
- HTTP-based ACME challenge handling
- Scheduled certificate expiration checks
- Automatic certificate file copying
- Server restart after certificate renewal
- Node.js
- Express.js
- Certbot installed on the system
- Administrative/root access for certificate management
- Clone the repository or download the renewal.js file:
    git clone https://github.com/piroposantosdev/nodejs-express-ssl-auto-renewal.git
    cd your-project-directory
- Install dependencies:
  - If you are using a Windows machine, download certbot_signed.exe and install it
  - If you are using a Linux machine and don't have snapd installed:
      sudo apt update
      sudo apt install snapd
      sudo snap install --classic certbot
- Configure the script:
  - Update the domains array with your specific domain names
  - Modify certOutputPath to match your preferred certificate storage location
  - Adjust the letsEncryptPath to match your Certbot installation
  - Update the server restart command in the copyLatestCertificates() function
- domains: List of domains to obtain SSL certificates for
- certOutputPath: Directory where certificates will be stored
- letsEncryptPath: Certbot's default certificate storage location
- renewCertificate(): Initiates the SSL certificate renewal process
- parseAndSaveChallenges(): Handles ACME challenge tokens
- copyLatestCertificates(): Copies renewed certificates to specified location
- scheduleRenewalCheck(): Periodically checks certificate expiration
- The script uses non-interactive mode with Certbot
- Supports multiple domain certificates
- Implements automatic challenge response mechanism
- Ensure Certbot is installed on your system
- Configure firewall to allow HTTP challenges
- Run the script with appropriate permissions
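The HTTP-based challenge response described above, as an added example that is not code from this repository: an Express-style middleware that serves HTTP-01 key authorizations and refuses any token outside the base64url alphabet, so the challenge path cannot be used to reach anything else. The names saveChallenge, lookupChallenge, acmeChallengeMiddleware, clearChallenges and the in-memory Map are assumptions for illustration, not the script's own functions.

```javascript
// Added example, not the repository's code. All names here are hypothetical.
const ACME_PREFIX = '/.well-known/acme-challenge/';
// RFC 8555 tokens and key thumbprints use only the base64url alphabet.
const B64URL = /^[A-Za-z0-9_-]{1,256}$/;

// token -> key authorization ("<token>.<account key thumbprint>")
const challenges = new Map();

function saveChallenge(token, keyAuthorization) {
  if (typeof token !== 'string' || !B64URL.test(token)) throw new Error('invalid ACME token');
  const prefix = token + '.';
  if (typeof keyAuthorization !== 'string' || !keyAuthorization.startsWith(prefix) ||
      !B64URL.test(keyAuthorization.slice(prefix.length))) {
    throw new Error('key authorization does not match token');
  }
  challenges.set(token, keyAuthorization);
}

// Pure lookup so the decision can be tested without a running server.
// status 0 means "not an ACME challenge path, let the app handle it".
function lookupChallenge(urlPath) {
  if (typeof urlPath !== 'string' || !urlPath.startsWith(ACME_PREFIX)) return { status: 0 };
  const token = urlPath.slice(ACME_PREFIX.length);
  // Rejects "/", ".", "%" and anything else usable for traversal or injection.
  if (!B64URL.test(token)) return { status: 400, body: 'bad token' };
  const keyAuth = challenges.get(token);
  return keyAuth ? { status: 200, body: keyAuth } : { status: 404, body: 'unknown token' };
}

// Express-style middleware: app.use(acmeChallengeMiddleware) on the port 80 listener.
function acmeChallengeMiddleware(req, res, next) {
  if (req.method !== 'GET') return next();
  const result = lookupChallenge(req.path);
  if (result.status === 0) return next();
  res.status(result.status).type('text/plain').send(result.body);
}

// Drop tokens once certbot finishes so stale authorizations are not served.
function clearChallenges() {
  challenges.clear();
}
```

Register the middleware before any static-file or redirect-to-HTTPS handlers so the validation request on port 80 reaches it.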
You can manually trigger certificate renewal by calling:
manualRenewalTrigger();
The script includes comprehensive error logging for:
- Certbot execution failures
- Certificate copy errors
- Renewal process interruptions
Modify the following to suit your infrastructure:
- Domain list
- Certificate paths
- Server restart mechanism
- child_process: For executing system commands
- fs: File system operations
- path: Path manipulation
Detailed logs are printed to the console, capturing:
- Challenge token details
- Certificate renewal status
- Copy operations
- Error messages
- Ensure Certbot is correctly installed
- Verify domain DNS configuration
- Check network and firewall settings
- Confirm script has necessary permissions
Copyright [2025] [piroposantosdev]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.
Contributions are welcome! Please submit pull requests or open issues for improvements and bug fixes.
This script is provided as-is. Always test in a staging environment before production deployment.