Renew Let's Encrypt certificates

Let’s Encrypt is a popular nonprofit Certificate Authority that provides TLS certificates. However, creating and managing the renewals of these certificates across a large estate can be time-consuming. With Runbooks, you can automate this process to have your TLS certificates routinely checked for expiration, renewed, and securely stored in the Octopus certificate library.

If you’re looking to secure your Octopus instance with a TLS certificate, take a look at our built-in Let’s Encrypt integration.

In the following example, we’ll use the Lets Encrypt - Azure DNS community step template.

Create the runbook

To create a runbook to renew your Let’s Encrypt certificate:

  1. From your project’s overview page, navigate to Operations ➜ Runbooks, and click ADD RUNBOOK.
  2. Give the runbook a name and click SAVE.
  3. Click DEFINE YOUR RUNBOOK PROCESS, and then click ADD STEP.
  4. Add a new step template from the community library called Lets Encrypt - Azure DNS, and give the step a name.
  5. Choose the Execution Location on which to run this step.
  6. Fill out all the parameters in the step. It is best practice to use variables rather than entering the values directly in the step parameters:
Certificate DomainDomain (TLD, CNAME or Wildcard) to create a certificate for.*
PFX PasswordPassword to use when converting to / from PFX.Sup3r5ecretPa$$w0rd
Replace expiring certificate before N daysReplace the certificate if it expiries within N days.30
Azure accountAn Azure Account variable that has API access to make DNS changes.#{Project.Azure.Account}
Octopus Deploy API keyAn Octopus Deploy API key with access to change Certificates in the Certificate Store.API-XXXXX
Use Lets Encrypt StagingGenerate certificate using Let’s Encrypt Staging?False
Contact Email AddressEmail address associated with the TLS

Configure any other settings for the step and click Save, and you have a runbook step to create (or renew) a TLS certificate issued by Let’s Encrypt, stored securely in the Octopus Certificate library.


We have an Octopus Admin Space on our Samples instance of Octopus. You can sign in as Guest to take a look at this example in the Lets Encrypt Certificate renewal project.

Learn More

Help us continuously improve

Please let us know if you have any feedback about this page.

Send feedback

Page updated on Sunday, January 1, 2023