Umm, I haven’t been using the server, so it’s not a huge priority. I acquired it via the Linux terminal, but I would definitely renew the certificate if I don’t have to hook up my server again and am able to renew it from elsewhere.
At a technical level, renewing the certificate means getting a new certificate. There’s no way to extend the validity of an existing certificate from the outside. So, you would have to use the same method that you originally used to get your certificate.
Some of the clients, like Certbot, are designed to help renew automatically—for example with Certbot you can usually run certbot renew to renew existing certificates using the same settings that you originally used to obtain them, if the certificates are within 30 days of expiry. This is designed to be run automatically from cron or a systemd timer for unattended renewals.
You can get a certificate from any computer where you can run an ACME client. (And if you do, Let’s Encrypt will stop sending you warnings about the old certificate, whether or not your server is using the new certificate.)
But the only reason to have a certificate is to use it.
If you’re running Certbot at home, and uploading a new certificate every 2-3 months to some web host without better Let’s Encrypt integration, it would make sense to install an ACME client elsewhere, or use a browser-based client, to replace your certificate.
If you’re only using the certificate on a computer that’s off anyway, you don’t need to bother.
If you boot your computer before the certificate finally expires, and you run “certbot renew”, or wait for a cron job or systemd timer to run “certbot renew”, it will renew the certificate.
If you boot your computer after the certificate has expired, and you run “certbot renew”, or wait for a cron job or systemd timer to run “certbot renew”, it will renew the certificate.
The only difference is when you turn on your computer, and whether Apache is using an expired certificate for a few seconds/minutes/hours before “certbot renew” runs.
