In a post titled How to Set Up Letsencrypt, the SSL-Certificate Engine for the Cloud Era of Hyperscale, on AWS EC2, we have introduced you to this free, open, and fully automated Certificate Authority backed by the likes of Facebook (a gold sponsor), and discussed a manual setup for adventurers in How to Use Letsencrypt across Servers in the Manual Configuration Mode with a CSR.
Now is the time to discuss how to extend the validity of a Letsencrypt certificate for up to another 90 days of blissful happiness.
So long as you keep the host names unchanged when renewing the certificate, your new certificate will be saved in the same location with a new version number, so that the previous certificate can be retained while a symlink makes sure that your server software will find it once it reloads its configuration files.
How to renew a Letsencrypt certificate without changing domains
Follow these steps to renew your Letsencrypt certificate.
Step 1. Stop your Web server
You must stop your web server to allow Letsencrypt to bind to port 80.
systemctl stop nginx
Step 2. Launch the Letsencrypt wizard
There are several ways to go about this. Here is the simplest of them all:
certbot renew or you can also enforce the renewal if you like: certbot renew --force-renewal
Step 3. Verify the output and adjust configuration files in your server software if necessary
Pay close attention to the output this command generates. If the path differs from that of your old certificate, you web and mail servers will need some help in finding the new certificate.
Step 4. Start your web server and reload the config file of other applications
Start your web server, for example like this:
systemctl start nginx
Make sure that your server’s configuration file point to the correct location of your Letsencrypt certificate.
How to renew a Letsencrypt certificate with a new set of domains
If you need to change the set of domains when renewing your Letsencrypt certificate, follow all steps except Step 2 above. In Step 2, use the full command as follows:
letsencrypt certonly --server https://acme-v01.api.letsencrypt.org/directory -d host1.domain1.tld -d domain1.tld -d ...
Letsencrypt may remind you of your weekly allotment. Select option 2 to proceed.