How to Renew Let’s Encrypt SSL Certificate

Let’s Encrypt is a certificate authority (CA) that provides free digital certificates to enable HTTPS (SSL/TLS) on websites. These certificates are used to encrypt the communication between the website and its users, ensuring that sensitive information such as login credentials and credit card details is kept private and secure. Let’s Encrypt certificates are trusted by all major web browsers, which makes them an accessible and reliable option for website owners to secure their sites.

It is essential for all websites to have a valid SSL/TLS certificate to secure user data. However, these certificates have a limited validity period, typically 90 days. Before this period ends, you need to renew your certificate to maintain secure connections to your website. In this article, we will discuss how to renew Let’s Encrypt certificates on Linux-based systems.

Renewal of Let’s Encrypt Certificate

There are several ways to renew a Let’s Encrypt certificate, but the most common method is to use Certbot, a tool developed by the Electronic Frontier Foundation (EFF) that simplifies the process of obtaining and renewing SSL/TLS certificates.

Step 1: Check the Availability of Certbot

Before renewing your Let’s Encrypt certificate, make sure that you have Certbot installed on your system.

Run the following command to check if Certbot is installed on your system:

$ sudo certbot --version

If Certbot is not installed, the terminal reports that the certbot command was not found.

You can install Certbot with pip. The following commands create a Python virtual environment in /opt/certbot and install Certbot and its Nginx plugin into it:

$ sudo python3 -m venv /opt/certbot/
$ sudo /opt/certbot/bin/pip install certbot certbot-nginx

Run the following command to create a symlink so that the certbot command can be run from any directory:

$ sudo ln -s /opt/certbot/bin/certbot /usr/bin/certbot

Step 2: Renew a Certificate with Certbot

Once you have Certbot installed, you can renew your Let’s Encrypt certificate.

Run the following command to renew the certificate:

$ sudo certbot renew

Note: This command checks if any of your certificates are due for renewal and automatically renews them if they are. If you do not have any certificates to renew, it shows you an empty renewal output.


Step 3: Renewal of Specific Certificate

If you have multiple domains or subdomains on your website, you may need to specify which certificate you want to renew.

You can do this by running the following command:

$ sudo certbot renew --cert-name example.com

Note: Replace “example.com” with the name of your domain or subdomain.

Step 4: Renewal of Multiple Certificates

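If you have multiple domains or subdomains with separate certificates, you can renew several specific certificates. The --cert-name option takes a single certificate name, so a comma-separated list is treated as one name that does not exist. Run the renew command once for each certificate instead.

Run the following commands:

$ sudo certbot renew --cert-name example.com
$ sudo certbot renew --cert-name www.example.com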
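
To find the certificate names that Steps 3 and 4 expect, and to see which certificates are close to expiry, you can filter the output of the certbot certificates subcommand. The script below is an added example, not part of the original article; the function names, the 30-day threshold and the sample output (constructed, and assumed to follow the certbot certificates layout) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): read `certbot certificates`
# output on stdin and list the certificates that are close to expiry.

# certs_due LIMIT_DAYS
# Prints "<certificate-name> <days-left>" for each certificate with fewer
# than LIMIT_DAYS days left. Certificates marked INVALID (for example
# EXPIRED) are printed with -1; less than one day left is printed as 0.
certs_due() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            days = -1
            if (match($0, /\(VALID: [0-9]+ day/)) {
                split(substr($0, RSTART, RLENGTH), f, " ")
                days = f[2]
            } else if ($0 ~ /\(VALID: [0-9]+ hour/) {
                days = 0
            }
            if (days + 0 < limit + 0) print name, days
        }'
}

# Constructed sample, assumed to follow the `certbot certificates` layout.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: shop.example.com
    Domains: shop.example.com
    Expiry Date: 2030-01-13 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2030-01-01 18:00:00+00:00 (VALID: 7 hour(s))
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-20 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# On a real host: sudo certbot certificates | certs_due 30
sample_output | certs_due 30
```

Each name in the first column can be passed to certbot renew --cert-name. A certificate that stays on this list after a scheduled renewal run is a sign that renewal is failing.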

 
Step 5: Testing the Renewal of Certificate

If you want to test the renewal process without actually renewing the certificate, you can use the --dry-run flag.

Run the following command to test the certificate renewal:

$ sudo certbot renew --dry-run

Note: This simulates the renewal process and lets you know if there are any issues that need to be resolved before the actual renewal.

Step 6: Renewal of Certificates upon Changes to Website

It’s important to note that any time you make changes to a website’s configuration such as changing the web server or adding new domains, you have to update your Let’s Encrypt certificate to reflect these changes.

Run the following command to reflect the changes:

$ sudo certbot certonly --force-renewal -d example.com -d www.example.com

Note: Replace “example.com” and “www.example.com” with the domains or subdomains that you want to update.

    • The --force-renewal flag forces Certbot to issue a new certificate even if the current certificate is still valid.

Troubleshooting

More often than not, issues come up during the renewal of a website certificate. These can include a connection error or an invalid domain name error. Try the following steps to troubleshoot the problems:

    • Make sure that your server’s clock is set correctly. Let’s Encrypt requires that the clock on your server is set within a certain margin of error.
    • Check that your DNS records are set up correctly. Let’s Encrypt uses DNS to verify your domain ownership. Any issues with your DNS records can prevent the renewal process from completing.
    • Check that your web server is running and accessible. If your web server is down or inaccessible, Certbot will not be able to renew your certificate.
    • Check that your firewall is not blocking Let’s Encrypt’s servers. Let’s Encrypt uses specific IP addresses to verify the domain ownership. If your firewall is blocking these IP addresses, the renewal process will fail.

Conclusion

Renewing your Let’s Encrypt certificate is a relatively simple process that can be done quickly and easily using the Certbot tool. With just a few commands, you can ensure that your website or web application remains secure and protected from unwanted attacks. Let’s Encrypt has made it easier than ever to secure your website or web application with SSL/TLS certificates, and renewing them is a simple process that anyone can do with a little bit of technical knowledge. With the right tools and knowledge, you can ensure that your online presence remains safe and secure, and that your visitors are protected from potential security threats.

About the author

Zeeman Memon

Hi there! I'm a Software Engineer who loves to write about tech. You can reach out to me on LinkedIn.