How to Renew letsencrypt.org SSL Certificates

So, did you do the switch to https three months ago when I told you about this free service?

And now you’re getting emails that contain the following ominous words:

Your certificate (or certificates) for the names listed below will expire in 10 days (on 30 Oct 20 13:53 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.

Oh, dear! What to do? Renew! It’s easy. You thought setting up your website with an https URL was easy with certbot? Wait until you see how easy it is to renew!

ssh to your web server and run a couple of simple commands and you’re done. The first command is certbot certificates. This shows you what certs you have and their expiry.

[root@webserver ~]# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Found the following certs:
Certificate Name: www.betterdoneyourself.com
Serial Number: 4c4618945c8c63157338028f1aa9a51d46e
Domains: www.betterdoneyourself.com
Expiry Date: 2020-10-30 13:53:18+00:00 (VALID: 9 days)
Certificate Path: /etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.betterdoneyourself.com/privkey.pem
Certificate Name: www.howtoraspberry.com
Serial Number: 376890f7507086b1e6baa61c0cecc640600
Domains: www.howtoraspberry.com
Expiry Date: 2020-10-30 13:53:43+00:00 (VALID: 9 days)
Certificate Path: /etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.howtoraspberry.com/privkey.pem

Looks like I have two! Sounds right. Let’s renew them!

[root@webserver ~]# certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

Processing /etc/letsencrypt/renewal/www.betterdoneyourself.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.betterdoneyourself.com
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem


Processing /etc/letsencrypt/renewal/www.howtoraspberry.com.conf

Cert is due for renewal, auto-renewing…
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for www.howtoraspberry.com
Waiting for verification…
Cleaning up challenges

new certificate deployed with reload of apache server; fullchain is
/etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem


Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem (success)
/etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem (success)

That was easy! Now, just restart the httpd process to read them into memory.

systemctl restart httpd

Done. Check your work. You can either run:

certbot certificates

again or browse to your website and right-click on the lock in the URL line.

Three more months of free https? Done.
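To check the result without reading the listing by eye, here is an added example (not part of the original post) that parses the certbot certificates listing shown above and prints every certificate with fewer than a given number of days left. The function names expiring_certs and sample_output, the example.org names and the 30-day threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag certificates that are close to expiry, based on the
# "Certificate Name:" / "Expiry Date:" lines of `certbot certificates`.

# expiring_certs THRESHOLD_DAYS
# Reads the listing on stdin and prints "name days-left" for every
# certificate with fewer than THRESHOLD_DAYS days remaining.
# Expired certificates are reported as -1; under one day left counts as 0.
expiring_certs() {
    awk -v limit="$1" '
        # Field matching ignores the indentation certbot puts before labels.
        $1 == "Certificate" && $2 == "Name:" { name = $NF }
        $1 == "Expiry" && $2 == "Date:" {
            days = ""
            if (match($0, /\(VALID: [0-9]+ days?\)/)) {
                # Skip the 8 characters of "(VALID: " and read the number.
                days = substr($0, RSTART + 8, RLENGTH - 8) + 0
            } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
                days = 0
            } else if ($0 ~ /INVALID:.*EXPIRED/) {
                days = -1
            }
            if (days != "" && days < limit) print name, days
        }
    '
}

# Constructed sample in the format shown above (not real certbot output).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: www.example.org
    Domains: www.example.org
    Expiry Date: 2020-10-30 13:53:18+00:00 (VALID: 9 days)
  Certificate Name: shop.example.org
    Domains: shop.example.org
    Expiry Date: 2021-01-18 13:53:43+00:00 (VALID: 89 days)
  Certificate Name: old.example.org
    Domains: old.example.org
    Expiry Date: 2020-09-01 08:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# On the server: certbot certificates | expiring_certs 30
sample_output | expiring_certs 30
```

After a successful renewal the command should print nothing for a 30-day threshold; any line it does print names a certificate that still needs attention.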
