diff --git a/README.md b/README.md
index 66bcf23..58d87f9 100644
--- a/README.md
+++ b/README.md
@@ -20,6 +20,13 @@ Certbot code repository options. This role clones the agent from the configured
 The directory inside which Certbot will be cloned.
+ certbot_auto_renew: true
+ certbot_auto_renew_user: "{{ ansible_user }}"
+ certbot_auto_renew_hour: 3
+ certbot_auto_renew_minute: 30
+
+By default, this role configures a cron job to run under the provided user account at the given hour and minute, every day. The defaults run `certbot-auto renew` via cron every day at 03:30:00 by the user you use in your Ansible playbook. It's preferred that you set a custom user/hour/minute so the renewal is during a low-traffic period and done by a non-root user account.
+
 ## Dependencies
 None.
@@ -27,6 +34,12 @@ None.
 ## Example Playbook
 - hosts: servers
+
+ vars:
+ certbot_auto_renew_user: your_username_here
+ certbot_auto_renew_minute: 20
+ certbot_auto_renew_hour: 5
+
 roles:
 - geerlingguy.certbot
@@ -38,9 +51,7 @@ After installation, you can create certificates using the `certbot-auto` script,
 # Generate certs, but don't modify Apache configuration (safer).
 /opt/certbot/certbot-auto --apache certonly
-To set up renewals, you should run the following command periodically (e.g. once or twice per day):
-
- /opt/certbot/certbot-auto renew --quiet --no-self-upgrade
+By default, this role adds a cron job that will renew all installed certificates once per day at the hour and minute of your choosing.
 You can test the auto-renewal (without actually renewing the cert) with the command:
diff --git a/defaults/main.yml b/defaults/main.yml
index ec0a908..793362c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -1,6 +1,14 @@
 ---
+# Where to get Certbot.
 certbot_repo: https://github.com/certbot/certbot.git
 certbot_version: master
 certbot_keep_updated: yes
+# Where to put Certbot.
 certbot_dir: /opt/certbot
+
+# How to keep Certbot certs up to date.
+certbot_auto_renew: true
+certbot_auto_renew_user: "{{ ansible_user }}"
+certbot_auto_renew_hour: 3
+certbot_auto_renew_minute: 30
diff --git a/tasks/main.yml b/tasks/main.yml
index 5ff5548..ed076dc 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -10,3 +10,12 @@
 file:
 path: "{{ certbot_dir }}/certbot-auto"
 mode: 0755
+
+- name: Add cron job for 'certbot-auto renew' (if configured).
+ cron:
+ name: Certbot automatic renewal.
+ job: "{{ certbot_dir }}/certbot-auto renew --quiet --no-self-upgrade"
+ minute: "{{ certbot_auto_renew_minute }}"
+ hour: "{{ certbot_auto_renew_hour }}"
+ user: "{{ certbot_auto_renew_user }}"
+ when: certbot_auto_renew
diff --git a/tests/test.yml b/tests/test.yml
index ac3eb64..cf90f58 100644
--- a/tests/test.yml
+++ b/tests/test.yml
@@ -7,6 +7,14 @@
 when: ansible_os_family == 'Debian'
 changed_when: false
+ - name: Install cron (RedHat).
+ yum: name=cronie state=present
+ when: ansible_os_family == 'RedHat'
+
+ - name: Install cron (Debian).
+ apt: name=cron state=present
+ when: ansible_os_family == 'Debian'
+
 roles:
 - geerlingguy.git
 - role_under_test
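Review bot: The new default `certbot_auto_renew_user: "{{ ansible_user }}"` is only safe when the playbook sets the connection user explicitly; when a run relies on the implicit remote user (no `ansible_user` in inventory, `ansible.cfg` or `-u`), this presumably renders as an undefined variable and the cron task in tasks/main.yml fails — confirm against a host with no explicit `ansible_user`. The requirement should be stated next to the default, e.g. `# Defaults to the Ansible connection user; set ansible_user or override this variable.` The README hunk in this commit documents the same default, so any wording change should be mirrored there.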
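Review bot: Setting `certbot_auto_renew: false` after the job has been installed leaves the existing crontab entry in place, because `when: certbot_auto_renew` skips the task instead of removing the entry. Dropping the `when` and using `state: "{{ 'present' if certbot_auto_renew else 'absent' }}"` makes the variable a real on/off toggle and keeps the task convergent in both directions. Separately, the job runs as `certbot_auto_renew_user` (by default the connection user) with `--quiet`, so if that account lacks the privileges `certbot-auto renew` needs, renewals would fail without output for cron to report; a short comment on the task, or a log redirect in `job`, would make such failures visible.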
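Review bot: `yum: name=cronie state=present` and `apt: name=cron state=present` use the legacy key=value argument string, while the `cron:` task added in tasks/main.yml by the same commit uses native YAML module arguments; the two test tasks should match that style, e.g. `yum:` / `  name: cronie` / `  state: present` (and likewise for `apt`). The enclosing task list of the test play begins outside the hunk.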