So, did you do the switch to https three months ago when I told you about this free service?
And now you’re getting emails that contain the following ominous words:
Your certificate (or certificates) for the names listed below will expire in 10 days (on 30 Oct 20 13:53 +0000). Please make sure to renew your certificate before then, or visitors to your website will encounter errors.
Oh, dear! What to do? Renew! It’s easy. You thought setting up your website with a https URL was easy with certbot? Wait until you see how easy it is to renew!
ssh to your web server and run a couple of simple commands and you’re done. The first command is certbot certificates. This shows you what certs you have and their expiry.
[root@webserver ~]# certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log Found the following certs: Certificate Name: www.betterdoneyourself.com Serial Number: 4c4618945c8c63157338028f1aa9a51d46e Domains: www.betterdoneyourself.com Expiry Date: 2020-10-30 13:53:18+00:00 (VALID: 9 days) Certificate Path: /etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/www.betterdoneyourself.com/privkey.pem Certificate Name: www.howtoraspberry.com Serial Number: 376890f7507086b1e6baa61c0cecc640600 Domains: www.howtoraspberry.com Expiry Date: 2020-10-30 13:53:43+00:00 (VALID: 9 days) Certificate Path: /etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem Private Key Path: /etc/letsencrypt/live/www.howtoraspberry.com/privkey.pem
Looks like I have two! Sounds right. Let’s renew them!
[root@webserver ~]# certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log Processing /etc/letsencrypt/renewal/www.betterdoneyourself.com.conf Cert is due for renewal, auto-renewing… Plugins selected: Authenticator apache, Installer apache Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for www.betterdoneyourself.com Waiting for verification… Cleaning up challenges new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem Processing /etc/letsencrypt/renewal/www.howtoraspberry.com.conf Cert is due for renewal, auto-renewing… Plugins selected: Authenticator apache, Installer apache Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for www.howtoraspberry.com Waiting for verification… Cleaning up challenges new certificate deployed with reload of apache server; fullchain is /etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/www.betterdoneyourself.com/fullchain.pem (success) /etc/letsencrypt/live/www.howtoraspberry.com/fullchain.pem (success)
That was easy! Now, just restart the httpd process to read them into memory.
systemctl restart httpd
Done. Check your work. You can either run:
certbot certificates
again or browse to your website and right-click on the lock in the URL line:
Three more months of free https? Done.