How can I test that certificate renewal works?

Please fill out the fields below so we can help you better.

My domain is: I prefer not to share this, because it is not meant for public but for internal usage.

I ran this command: letsencrypt.exe --manualhost myurl.com --webroot "C:\Bitnami…\apache2\htdocs"

It produced this output: Everything worked fine. Certificates were generated in a user folder. I copied them manually to my apache2 path.

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Windows Server 2012 R2

My hosting provider, if applicable, is: Contabo

I can login to a root shell on my machine (yes or no, or I don’t know): Yes, but honestly I can’t do much on Windows.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

I used the letsencrypt-win-simple client to obtain a certificate on Windows for an Apache2. The tool asked me to generate a scheduled task for renewal. I chose “No”, because I wanted to see that it works first. I copied all files to the apache and now the first certificate works fine. My question is: How can I test that a renewal will work in the future? As far as I can see, the tool does not allow me to create a scheduled task without creating a new csr, right? How can I know that the certificate will work in the future? I assume I need to write a batch file that is called from the tool and copies all result files to the apache folder, but I would love to test this in advance to make sure we will have a valid certificate. Is it possible to make the renewal a week before the certificate runs out to have time to react in case of failure? Is there any best practice for cases like this?

Best regards,
Tommy

I’m not familiar enough with the combination of this win-simple client and apache on Windows (why not IIS?) to comment on that aspect.

However, from a best practices perspective, it is recommended to begin attempting renewal 30 days prior to expiration to allow for this buffer time.

The most important thing that I don’t know is if I can just “edit” the existing certificate or if I have to create a new one for all this. In other words, is it possible to try to renew the existing certificate now without losing it?

Why not IIS: Well, I failed to install YouTrack with IIS and it worked right out of the box with Apache2 and Bitnami.

Certificate renewal always means obtaining a new certificate (there's no such thing as editing an existing certificate at a technical level). But it doesn't require revoking the old one, so both the old and new certificates will coexist and either or both can be used.
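One way to check a renewal end to end, as an added example that is not part of the original posts or of the letsencrypt-win-simple client: record the expiry of the certificate Apache is serving, run the renewal and the copy step, then confirm the served expiry has moved forward. The function names and the sample dates are assumptions made for illustration; the 30-day window is the buffer recommended above.

```python
import socket
import ssl
import sys
from datetime import datetime, timedelta, timezone

RENEW_WINDOW = timedelta(days=30)  # buffer recommended in the thread


def parse_not_after(not_after: str) -> datetime:
    """Parse the 'notAfter' string as returned by SSLSocket.getpeercert()."""
    seconds = ssl.cert_time_to_seconds(not_after)
    return datetime.fromtimestamp(seconds, tz=timezone.utc)


def served_not_after(host: str, port: int = 443, timeout: float = 10.0) -> datetime:
    """Expiry of the certificate the web server is serving right now."""
    ctx = ssl.create_default_context()  # also validates chain and host name
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return parse_not_after(tls.getpeercert()["notAfter"])


def renewal_due(not_after: datetime, now: datetime,
                window: timedelta = RENEW_WINDOW) -> bool:
    """True once the certificate is inside the renewal window."""
    return not_after - now <= window


def deployment_ok(before: datetime, after: datetime) -> bool:
    """After renew + copy, the served expiry must be later than before.
    Equal values mean the server still presents the old certificate."""
    return after > before


if __name__ == "__main__":
    if len(sys.argv) > 1:  # live check: python check_renewal.py <hostname>
        expiry = served_not_after(sys.argv[1])
        now = datetime.now(timezone.utc)
        print(f"served certificate expires {expiry:%Y-%m-%d}, "
              f"renewal due: {renewal_due(expiry, now)}")
    else:  # offline demo with constructed dates (not real certificates)
        old = parse_not_after("Jun 15 12:00:00 2025 GMT")
        new = parse_not_after("Aug 18 12:00:00 2025 GMT")
        now = datetime(2025, 5, 20, 12, 0, tzinfo=timezone.utc)
        print("renewal due:", renewal_due(old, now))
        print("new certificate deployed:", deployment_ok(old, new))
        print("old certificate still served:", not deployment_ok(old, old))
```

Because the old certificate stays valid after a renewal, a failed `deployment_ok` check leaves the site working and only signals that the copy step needs attention.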
