Do I need to renew certificate from my server?

Hey, I just got an email notifying me that my certificate will expire soon and I’m wondering whether or not I have to renew it from my actual server?

My domain is:

I ran this command: None yet

It produced this output: None

My web server is (include version): Apache (2.x? I forget the version)

The operating system my web server runs on is (include version): Ubuntu 16.4 LTS

My hosting provider, if applicable, is: Personal server

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

Hi @bmf,

How did you obtain your original certificate?

Your certificate does expire on November 13, so it would be a good idea to take care of this before then.

Umm, I haven’t been using the server, so it’s not a huge priority. I acquired it via the Linux terminal, but I would definitely renew the certificate if I don’t have to hook up my server again and am able to renew it from elsewhere.

At a technical level, renewing the certificate means getting a new certificate. There’s no way to extend the validity of an existing certificate from the outside. So, you would have to use the same method that you originally used to get your certificate.

Some of the clients, like Certbot, are designed to help renew automatically—for example with Certbot you can usually run certbot renew to renew existing certificates using the same settings that you originally used to obtain them, if the certificates are within 30 days of expiry. This is designed to be run automatically from cron or a systemd timer for unattended renewals.

Yeah, I had set up certbot auto-renewal. I just haven’t booted up my server in a while :frowning:

You can get a certificate from any computer where you can run an ACME client. (And if you do, Let’s Encrypt will stop sending you warnings about the old certificate, whether or not your server is using the new certificate.)

But the only reason to have a certificate is to use it.

If you’re running Certbot at home, and uploading a new certificate every 2-3 months to some web host without better Let’s Encrypt integration, it would make sense to install an ACME client elsewhere, or use a browser-based client, to replace your certificate.

If you’re only using the certificate on a computer that’s off anyway, you don’t need to bother.

If you boot your computer before the certificate finally expires, and you run “certbot renew”, or wait for a cron job or systemd timer to run “certbot renew”, it will renew the certificate.

If you boot your computer after the certificate has expired, and you run “certbot renew”, or wait for a cron job or systemd timer to run “certbot renew”, it will renew the certificate.

The only difference is when you turn on your computer, and whether Apache is using an expired certificate for a few seconds/minutes/hours before “certbot renew” runs.

1 Like

Very informative. I guess I’ll let it expire and simply manually renew it when I decide to use the server again. Thanks <3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.