I configured this blog to use a free, automatically-issued Let's Encrypt SSL certificate around 6 months ago.
The command to issue the cert is as follows:
letsencrypt-auto certonly \ -a webroot \ --webroot-path /var/www/sites/blog.yo61.com/html/ \ -d blog.yo61.com \ --agree-tos \ --email robin.bowes@example.com
To check if an existing certificate will expire within the next 28 days, use this command:
openssl x509 \ -checkend 2419200 \ -noout \ -inform pem \ -in /etc/letsencrypt/live/blog.yo61.com/cert.pem
Put these together, and run from a daily cron job (remembering to restart your web server after changing the certificate) and your cert will automatically renew 28 days before it expires.
openssl x509 \ -checkend 2419200 \ -noout \ -inform pem \ -in /etc/letsencrypt/live/blog.yo61.com/cert.pem || \ letsencrypt-auto certonly \ -a webroot \ --webroot-path /var/www/sites/blog.yo61.com/html/ -d blog.yo61.com \ --agree-tos \ --email robin.bowes@example.com && \ systemctl restart httpd