diff --git a/manifests/certonly.pp b/manifests/certonly.pp
index 33845c0a..64ebb152 100644
--- a/manifests/certonly.pp
+++ b/manifests/certonly.pp
@@ -14,12 +14,16 @@
 # [*additional_args*]
 # An array of additional command line arguments to pass to the
 # `letsencrypt-auto` command.
+# [*manage_cron*]
+# Boolean indicating whether or not to schedule cron job for renewal,
+# runs daily but only renews if near expiration e.g within 10 days.
 #
 define letsencrypt::certonly (
 Array[String] $domains = [$title],
 Enum['apache', 'standalone', 'webroot'] $plugin = 'standalone',
 String $letsencrypt_path = $letsencrypt::path,
 Optional[Array[String]] $additional_args = undef,
+ Boolean $manage_cron = false,
 ) {
 $command = inline_template('<%= @letsencrypt_path %>/letsencrypt-auto certonly -a <%= @plugin %> -d <%= @domains.join(" -d ")%><% if @additional_args %> <%= @additional_args.join(" ") %><%end%>')
@@ -31,4 +35,16 @@
 creates => $live_path,
 require => Class['letsencrypt'],
 }
+
+ if $manage_cron {
+ $renewcommand = inline_template('<%= @letsencrypt_path %>/letsencrypt-auto certonly -a <%= @plugin %> --keep-until-expiring -d <%= @domains.join(" -d ")%><% if @additional_args %> <%= @additional_args.join(" ") %><%end%>')
+ $cron_hour = fqdn_rand(24, $title) # 0 - 23, seed is title plus fqdn
+ $cron_minute = fqdn_rand(60, $title ) # 0 - 59, seed is title plus fqdn
+ cron { "letsencrypt renew cron ${title}":
+ command => $renewcommand,
+ user => root,
+ hour => $cron_hour,
+ minute => $cron_minute,
+ }
+ }
 }
diff --git a/spec/defines/letsencrypt_certonly_spec.rb b/spec/defines/letsencrypt_certonly_spec.rb
index 0f8c660b..c60a865e 100644
--- a/spec/defines/letsencrypt_certonly_spec.rb
+++ b/spec/defines/letsencrypt_certonly_spec.rb
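Review bot: The new `manage_cron` doc comment in the first hunk of manifests/certonly.pp states a 10-day renewal window, but nothing in this manifest sets that threshold; it is whatever `--keep-until-expiring` means in the installed client, so the figure is better dropped or attributed to the client. The comment also omits two things an operator needs to know: the job is written to root's crontab, and, since the `cron` resource in the next hunk is declared only inside `if $manage_cron`, switching the flag back to `false` presumably leaves an existing entry in place. I would word it as `# Boolean. When true, adds a daily root cron job (time derived from fqdn_rand) that re-runs certonly with --keep-until-expiring.` followed by `# Setting it back to false does not remove a job that was already created.` The body of the define continues outside this hunk.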
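Review bot: `$renewcommand` in the second hunk of manifests/certonly.pp is a shell line assembled from `$domains` and `$additional_args` with no quoting, and it is handed to root's crontab, so a space, a shell metacharacter or a `%` (which cron converts to a newline) in any of those values changes what root executes every day. The existing `$command` template has the same shape, but an exec runs once at apply time, whereas this entry persists on the host. I would escape each domain in the template, e.g. `-d <%= @domains.map { |d| Shellwords.escape(d) }.join(" -d ") %>`, or narrow the parameter to a hostname `Pattern` type; whether `shellwords` is already loaded in this ERB context needs checking, and `$additional_args` needs the same decision. The define starts above this hunk.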
@@ -29,6 +29,13 @@
 it { is_expected.to contain_exec('letsencrypt certonly foo.example.com').with_command '/opt/letsencrypt/letsencrypt-auto certonly -a apache -d foo.example.com' }
 end
+ context 'with custom plugin and manage cron' do
+ let(:title) { 'foo.example.com' }
+ let(:params) { { plugin: 'apache',
+ manage_cron: true } }
+ it { is_expected.to contain_cron('letsencrypt renew cron foo.example.com').with_command '/opt/letsencrypt/letsencrypt-auto certonly -a apache --keep-until-expiring -d foo.example.com' }
+ end
+
 context 'with invalid plugin' do
 let(:title) { 'foo.example.com' }
 let(:params) { { plugin: 'bad' } }
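Review bot: The new context asserts only the command string, so the properties that matter for a root cron entry go untested: nothing checks `user`, `hour` or `minute`, and no example shows that the default (`manage_cron` unset) creates no cron resource at all. I would chain `.with_user('root')` onto the matcher and add `it { is_expected.not_to contain_cron('letsencrypt renew cron foo.example.com') }` to one of the existing contexts that leaves `manage_cron` unset. As a style point, the `let(:params)` hash split across two lines would read better on one line, like the neighbouring contexts. The enclosing `describe` block starts and ends outside this hunk.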