CloudInsidr

Cyber security, infotech

Join us on Twitter: @CloudInsidr

Follow us on Twitter: @cloudinsidr
Home cloud, edge and everything in between administration and orchestration How to renew a Letsencrypt certificate
How to renew a Letsencrypt certificate

Leave a Comment

How to renew a Letsencrypt certificate

In a post titled How to Set Up Letsencrypt, the SSL-Certificate Engine for the Cloud Era of Hyperscale, on AWS EC2, we have introduced you to this free, open, and fully automated Certificate Authority backed by the likes of Facebook (a gold sponsor), and discussed a manual setup for adventurers in How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR.

Now is the time to discuss how to extend the validity of a Letsencrypt certificate for up to another 90 days of blissful happiness.

So long as you keep the host names unchanged when renewing the certificate, your new certificate will be saved in the same location with a new version number, so that the previous certificate can be retained while a symlink makes sure that your server software will find it once it reloads its configuration files.

How to renew a Letsencrypt certificate without changing domains

Follow these steps to renew your Letsencrypt certificate.

Step 1. Stop your Web server

You must stop your web server to allow Letsencrypt to bind to port 80.

systemctl stop nginx
Step 2. Launch the Letsencrypt wizard

There are several ways to go about this. Here is the simplest of them all:

certbot renew

or you can also enforce the renewal if you like:

certbot renew --force-renewal

That’s it.

Renew Letsencrypt certificate
Renewing Letsencrypt certificate
Step 3. Verify the output and adjust configuration files in your server software if necessary

Pay close attention to the output this command generates. If the path differs from that of your old certificate, you web and mail servers will need some help in finding the new certificate.

Step 4. Start your web server and reload the config file of other applications

Start your web server, for example like this:

systemctl start nginx

Make sure that your server’s configuration file point to the correct location of your Letsencrypt certificate.

How to renew a Letsencrypt certificate with a new set of domains

If you need to change the set of domains when renewing your Letsencrypt certificate, follow all steps except Step 2 above. In Step 2, use the full command as follows:

letsencrypt certonly --server https://acme-v02.api.letsencrypt.org/directory -d host1.domain1.tld -d domain1.tld -d ...

Letsencrypt may remind you of your weekly allotment. Select option 2 to proceed.

Renewing a Letsencrypt certificate
Renewing a Letsencrypt certificate

Leave a Reply

Your email address will not be published. Required fields are marked *

©2022 CybrAnalytiqa OÜ