Octopus Deploy Documentation

Renew Let's Encrypt certificates

Last updated

Let's Encrypt is a popular nonprofit Certificate Authority that provides TLS certificates. However, creating and managing the renewals of these certificates across a large estate can be time-consuming. With Runbooks, you can automate this process to have your TLS certificates routinely checked for expiration, renewed, and securely stored in the Octopus certificate library.

If you're looking to secure your Octopus instance with a TLS certificate, take a look at our built-in Let's Encrypt integration.

In the following example, we'll use the Lets Encrypt - Azure DNS community step template.

Create the runbook

To create a runbook to renew your Let's Encrypt certificate:

  1. From your project's overview page, navigate to Operations ➜ Runbooks, and click ADD RUNBOOK.
  2. Give the runbook a name and click SAVE.
  3. Click DEFINE YOUR RUNBOOK PROCESS, and then click ADD STEP.
  4. Add a new step template from the community library called Lets Encrypt - Azure DNS, and give the step a name.
  5. Choose the Execution Location on which to run this step.
  6. Fill out all the parameters in the step. It is best practice to use variables rather than entering the values directly in the step parameters:
Parameter Description Example
Certificate Domain Domain (TLD, CNAME or Wildcard) to create a certificate for. *.domaintosecure.com
PFX Password Password to use when converting to / from PFX. Sup3r5ecretPa$$w0rd
Replace expiring certificate before N days Replace the certificate if it expiries within N days. 30
Azure account An Azure Account variable that has API access to make DNS changes. #
Octopus Deploy API key An Octopus Deploy API key with access to change Certificates in the Certificate Store. API-XXXXX
Use Lets Encrypt Staging Generate certificate using Let's Encrypt Staging? False
Contact Email Address Email address associated with the TLS Certificate. user@domain.com

Configure any other settings for the step and click Save, and you have a runbook step to create (or renew) a TLS certificate issued by Let's Encrypt, stored securely in the Octopus Certificate library.


We have an Octopus Admin Space on our Samples instance of Octopus. You can sign in as Guest to take a look at this example in the Lets Encrypt Certificate renewal project.

Learn More

Need support? We're here to help.