Certbot kindly gives you the steps to set up a cronjob which would automatically renew your certificate when it expires however if you like me, you did not do this.

So the questions are:

-How do we renew the certificate
-Do I need to install it again by going through the installation steps provided on the letsencrypt website
-What happens to the existing path I have where my certificate is stored and what happens to my existing letsencrypt folder?

/etc/httpsd/sites-enabled/linuxbyimraan.co.za-le-ssl.conf
/etc/letsencrypt/

These are some of the questions I have, however the solution is quite simple. When you install letsencrypt, you should have downloaded an executable file named “certbot-auto” which is stored by default in your home directory. To renew your certificate, all you need to do is the following:

– execute the script:

$ ./certbot-auto

– Confirm the domain name you would like to use for SSL

– Expand the existing certificate

– Confirm whether or not you would like https to https redirect.

And thats it…. Really easy and simple to do.

I did it recently and have pasted the output from my terminal below. I hope this helps.

[root@linuxbyimraan ec2-user]# ./certbot-auto
Upgrading certbot-auto 0.27.1 to 0.30.0…
Replacing certbot-auto…
Creating virtual environment…
Installing Python packages…
Installation succeeded.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache

Which names would you like to activate HTTPS for?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: linuxbyimraan.co.za
2: www.linuxbyimraan.co.za
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter ‘c’ to cancel): 1 2

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/linuxbyimraan.co.za.conf)

It contains these names: linuxbyimraan.co.za

You requested these names for the new certificate: linuxbyimraan.co.za,
www.linuxbyimraan.co.za.

Do you want to expand and replace this existing certificate with the new
certificate?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(E)xpand/(C)ancel: E
Renewing an existing certificate
Performing the following challenges:
https-01 challenge for linuxbyimraan.co.za
https-01 challenge for www.linuxbyimraan.co.za
Waiting for verification…
Cleaning up challenges
Deploying Certificate to VirtualHost /etc/httpsd/sites-enabled/linuxbyimraan.co.za-le-ssl.conf
Deploying Certificate to VirtualHost /etc/httpsd/sites-enabled/linuxbyimraan.co.za-le-ssl.conf

Please choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
1: No redirect – Make no further changes to the webserver configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you’re confident your site works on HTTPS. You can undo this
change by editing your web server’s configuration.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Select the appropriate number [1-2] then [enter] (press ‘c’ to cancel): 2
Enhancement redirect was already set.
Enhancement redirect was already set.

– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Your existing certificate has been successfully renewed, and the new certificate
has been installed.

The new certificate covers the following domains: https://linuxbyimraan.co.za
and https://www.linuxbyimraan.co.za

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=linuxbyimraan.co.za
https://www.ssllabs.com/ssltest/analyze.html?d=www.linuxbyimraan.co.za
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –

IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/linuxbyimraan.co.za/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/linuxbyimraan.co.za/privkey.pem
Your cert will expire on 2019-04-24. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again with the “certonly” option. To non-interactively renew *all*
of your certificates, run “certbot-auto renew”
– If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-l

Leave a Reply

Your email address will not be published. Required fields are marked *