diff --git a/sbcl-nginx.yml b/sbcl-nginx.yml
index 079c37f..33f2ea9 100644
--- a/sbcl-nginx.yml
+++ b/sbcl-nginx.yml
@@ -284,6 +284,8 @@ runcmd:
   # Run Certbot to obtain SSL certificates and configure Nginx
   - certbot certonly --nginx -d u1.metaebene.dev --non-interactive --agree-tos --email marcus.kammer@mailbox.org --redirect
   - certbot certonly --nginx -d docs.u1.metaebene.dev --non-interactive --agree-tos --email marcus.kammer@mailbox.org --redirect
+  # Add cron job for automatic certificate renewal (runs once a month)
+  - echo '0 0 1 * * root certbot renew --post-hook "systemctl reload nginx" >> /var/log/letsencrypt/letsencrypt-auto-renew.log' > /etc/cron.d/letsencrypt-renew
   # Download DHPARAM
   - curl https://ssl-config.mozilla.org/ffdhe2048.txt > /etc/letsencrypt/ssl-dhparam.pem
   # Create a symlink for the configuration file