How to Renew Let’s Encrypt SSL Certificate

  • by

Let’s Encrypt Authority issues free SSL certificates. Hence, we call them Let’s Encrypt SSL certificates. A website uses an SSL certificate to make the site more secure. In other words, it converts an HTTP website into an HTTPS website. A Let’s Encrypt certificate is free, however, it is valid only for three (3) months. Therefore, we must renew a Let’s Encrypt SSL certificate every three (3) months.

This tutorial on how to renew a Let’s Encrypt SSL certificate assumes that you already have a valid Let’s Encrypt SSL certificate. Furthermore, you used Certbot on a Linux machine to get your Let’s Encrypt certificate as outline in How to Get a Free SSL Certificate for GoDaddy.

Here is the step by step guide on how to renew a Let’s Encrypt SSL certificate.

Step 1 – Run Certbot

First, open a Linux terminal window. Then, type the command sudo certbot certonly –manual. Finally, press the ENTER key.

Take note that the command, sudo certbot certonly –manual, is exactly the same command used for retrieving a new Let’s Encrypt SSL certificate. However, instead of first asking for an email address, as it did on its first run, it goes directly to the step of asking for the domain name or names.

Screenshot of Linux terminal running certbot to renew Let's Encrypt SSL certificate

Step 2 – Provide the domain name of the SSL certificate for renewal

Provide the domain name. Or, in the case of multiple domains, separate the names with commas or spaces.

Image of Linux terminal windows showing the options when an SSL certificate for renewal is not yet due

Let’s Encrypt recommends renewing your SSL certificate thirty (30) days before its expiration date. As a result, Certbot first checks the provided domain name’s SSL certificate. If the certificate is not expiring in thirty (30) days, you will get the message:

Cert not yet due for renewal

Certbot then, gives you two options. The first one is to keep the existing certificate for now. If you select this option, Certbot displays a message saying Certificate not yet due for renewal; no action taken. After that, Certbot gracefully exits. Examine the screenshot below.

Picture of Linux terminal running Certbot showing the results when a Let's Encrypt SSL certificate is not yet due for renewal

The second option that Certbot provides is to renew and replace the SSL certificate. This option renews and replaces the Let’s Encrypt SSL certificate regardless of its expiration date. Selecting this second option will bring you to the next step, which is the acme challenge.

NOTE:

Certbot has an option to force the renewal of a Let’s Encrypt SSL certificate without regard on its expiration date. The command for Certbot is: sudo certbot certonly –manual –force-renewal

Step 3 – Do the ACME file challenge

Screenshot of Certbot program showing the file challenge requirement in order to renew a Let's Encrypt SSL certificate

The acme file challenge is a test to prove your ownership of the domain or domains you provided to Certbot. Therefore, you are required to create a file on the web server of the said domain(s). The instructions about the challenge file is shown in the screenshot above.

From this point, you need to leave Certbot and create the challenge file. However, you must keep Certbot running. That is, do not close the Linux terminal window with the running Certbot.

For a complete guide on how to do this file challenge, see How to create the acme challenge file.

Step 4 – Let Certbot check the file challenge and renew the Let’s Encrypt SSL certificate

Go back to the Linux terminal window running the Certbot program. Press the ENTER key to let Certbot verify the challenge file that you created on the web server.

Certbot message showing a successful renewal of a Let's Encrypt SSL certificate

Finally, if Certbot finds the challenge file in order, it will retrieve a new Let’s Encrypt SSL certificate. This new certificate will be valid for next three (3) months.

Related Articles on How to Renew Let’s Encrypt SSL Certificate

How to Get a Free SSL Certificate for GoDaddy

References on How to Renew Let’s Encrypt SSL Certificate

https://letsencrypt.org/
https://certbot.eff.org/

Leave a Reply

Your email address will not be published. Required fields are marked *