The plugin can provide an “AutoSSL”-type functionality.

This is disabled by default.

If enabled, this will, every 12 hours (after renewals are done processing):

  • Find virtual hosts that
  • Have no valid (not self-signed and not expiring within the next 48h) certificates
  • Gather all of the domains that pass the DCV (Domain Control Validation) check, and add certificates via the plugin for all of them
  • Domains that fail the DCV will be skipped automatically
  • Certificates that fall outside the rate limits of Let’s Encrypt (i.e. more than 100 names per cert) will be skipped
  • Domains that repeatedly fail will eventually stop being retried, but they can always be issued via the UI

We strongly recommend enabling deferred apache restarts when using this feature. Please see Configuration for more details.


[root@~]$ le-cp autossl enable
[root@~]$ le-cp autossl disable

Running for a user without waiting

Note that this function may be used even if AutoSSL has not been enabled as shown above.

# will print a list of certificates that were issued as a result
[root@~]$ le-cp autossl run-for-user <username>

You may also add a --verbose flag to the end, which will list the reason that any particular domain is not included on the resulting certificate.