Hi,
I applied "sudo /opt/bitnami/bncert-tool" for automatic renew.
If I also need to renew my certificate, what should I do?
I am using the bncert tool to manage the certs and it will not allow me to renew as the cert was issued 6 weeks ago.
On AWS I'm using sudo /opt/bitnami/bncert-tool, but it does not update the certificate dates. Anyone have a lead on forcing renewal?
I am using LetsEncrypt on Amazon Lightsail (certificate issued using sudo /opt/bitnami/bncert-tool), will I be required to renew it manually or will it be automatic once the other gets removed?
I am not familiar with bn-cert but most ACME clients are not capable of renewing a certificate when the active one is revoked. You will need to manually renew your certificate before the revocation deadline to ensure an uninterrupted experience for your site visitors.
I found something on cyberciti.biz that suggests using "sudo certbot renew"
That indeed seems to update the certificate dates, but checking on various SSL sites and the Firefox plugin the old dates are still shown. Is it usual for there to be a propagation delay for certificates?
Try this site for certbot use: https://www.cyberciti.biz/faq/how-to-forcefully-renew-lets-encrypt-certificate/
Basically, the easiest approach is "sudo certbot renew"
If that doesn't work, try "sudo certbot renew --force-renewal"
I am not sure what client lightsail/bitnami/AWS use. It might depend on each user’s installation guide. I am glad this worked for you!
If your renewal was successful and the certificate was updated on disk, then you probably need to reload your webserver to start using the certificate.
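A check for the situation described above (certificate renewed on disk, old dates still shown), as an added example that is not part of the original thread: it compares the SHA-256 fingerprint of the certificate file on disk with the one the server presents. The function names, script name and command-line arguments are assumptions made for illustration; the certificate path is whatever your client writes to.

```python
import hashlib
import socket
import ssl
import sys

HEADER = "-----BEGIN CERTIFICATE-----"
FOOTER = "-----END CERTIFICATE-----"


def leaf_fingerprint(pem_text):
    """SHA-256 (hex) of the first certificate in a PEM file.

    Renewal clients often write leaf + intermediates into one file;
    the leaf comes first, and it is the one whose dates changed.
    """
    start = pem_text.index(HEADER)  # ValueError if no certificate present
    end = pem_text.index(FOOTER, start) + len(FOOTER)
    der = ssl.PEM_cert_to_DER_cert(pem_text[start:end])
    return hashlib.sha256(der).hexdigest()


def served_pem(host, port=443, timeout=10):
    """Fetch the leaf certificate the server presents for `host` (with SNI)."""
    ctx = ssl.create_default_context()
    # Verification is off on purpose: this only reads the certificate, and it
    # must still work when the served one is expired or revoked.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def diagnose(disk_pem, live_pem):
    """Return 'in-sync' if the server presents the on-disk leaf, else 'stale'."""
    same = leaf_fingerprint(disk_pem) == leaf_fingerprint(live_pem)
    return "in-sync" if same else "stale"


if __name__ == "__main__":
    # Usage (hypothetical script name): check_cert.py HOSTNAME /path/to/cert.pem
    host, cert_path = sys.argv[1], sys.argv[2]
    with open(cert_path) as fh:
        result = diagnose(fh.read(), served_pem(host))
    print(f"{host}: {result}")
    if result == "stale":
        print("Server still presents the old certificate; reload the web server.")
    sys.exit(0 if result == "in-sync" else 1)
```

A "stale" result right after a successful renewal means the web server has not picked up the new file yet, not that the renewal failed.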
The issue is that the cert cannot be renewed because the renewal date has not been reached.
cert cannot be renewed because the renewal date has not been reached.
Yes, this will be true for many certificates affected by the TLS-ALPN-01 issue. Most clients set the renewal period to attempt renewal beginning at 30 days before expiry, and if your certificate doesn’t meet that requirement it won’t renew and utilize Let’s Encrypt resources unnecessarily. However, clients often have a flag or configuration option to change that and “force renew”. For certbot the command line argument is --force-renewal
This worked for me for my lightsail instance in AWS. See steps for "Renew a Let's Encrypt certificate installed using bncert-tool or Lego tool":
Thanks for your help.
If I registered for the domains like example.com, www.example.com
Then should I put "example.com, www.example.com" in "EMAIL-ADDRESS"?
Yes, this works for users who used /opt/bitnami/bncert-tool! Worked for my bitnami wordpress ec2 instance (not lightsail). The dates were updated.
Thank you
Thank you so much for posting this documentation.
You only need to provide the root domain (i.e. example.com)
Worked for me as well.
Hello! Is there a procedure to do it starting from bitnami in Amazon AWS? Thanks a lot!
Thanks for your reply!
One more last question...
After using those commands to renew, will it be automatically renewed like before?
Yes. Note the "renew --days 90" flag at the end of the command below.
sudo /opt/bitnami/letsencrypt/lego --tls --email="EMAIL-ADDRESS" --domains="DOMAIN" --path="/opt/bitnami/letsencrypt" renew --days 90
Ensure the "renew --days 90" is lowered (to normal), or removed from the command, after this one-time reissuance.
[or it will be trying to reissue all certs each and every day]