How to Renew A Certificate for certbot-auto certificates


#1

What is the proper procedure to renew a certificate?

The ultimate goal is to auto renew using cron. But for now a cli renewal is adequate.

Two certificates located here:

  1. /home/name/gitprojects/dehydrated/certs/application.server1.com
    (a) For reverse proxy within virtual host container for application on LAN behind firewall
    (b) interactive DNS challenge using TXT RR

  2. /etc/letsencrypt/live/server1.com/
    (a) Main server for other virtual host not behind firewall

  3. After looking over the documentation the proper command to renew certificates is not clear from the following iterations:
    <> certbot renew
    <> certbot-renew
    <> certbot-auto renew

(a) Location (2) contains files
/home/name/letsencrypt/certbot-auto
/home/name/letsencrypt/letsencrypt-auto

diff considers the files not different.

(b) Location (1) does not contain any iteration of renew.

Both certificates were obtained differently (1) DNS challenge TXT RR and (2) certbot. How are the certificates renewed and what are the proper commands / procedures to renew the certificates?

Thanks!


#2

Hi @Anthon,

Certbot can’t renew the certificates that were obtained using dehydrated; I guess you’ll have to use dehydrated for that.

For renewing the certificate under /etc/letsencrypt, you should run certbot renew if you originally obtained the certificate running certbot, and certbot-auto renew if you originally obtained the certificate running certbot-auto (possibly with a path such as the /home/name/letsencrypt/certbot-auto). These are different ways of running the Certbot software depending on how you’ve installed it. In either case, you should run it in the same way you did before, adding renew as a separate word (which we sometimes call a “verb”, “action”, or “subcommand” within Certbot).


#3

Will do. Thanks @schoen


#4

HOW TO RUN certbot-auto renew

(1) This method requires that port 443 is not in use by another process. In other words, stop the web server or the process binding to port 443.

systemctl stop httpd … or …
systemctl stop apache2

(2) certbot-auto is a script which is not in a command path so provide the path or cd to the directory where certbot-auto is located. Precede the script with “./”

./certbot-auto renew

< successful renew output >

Saving debug log to /var/log/letsencrypt/letsencrypt.log


Processing /etc/letsencrypt/renewal/server.com.conf

Cert is due for renewal, auto-renewing…
Renewing an existing certificate
Performing the following challenges:
tls-sni-01 challenge for server.com
tls-sni-01 challenge for www.server.com
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0001_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0001_csr-certbot.pem


new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/server.com/fullchain.pem

Congratulations, all renewals succeeded. The following certs have been renewed:
/etc/letsencrypt/live/server.com/fullchain.pem (success)

< restart web server! >

systemctl restart httpd … or …
systemctl restart apache2
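
The thread leaves the cron goal from post #1 open. The script below is an added example, not code from any poster or from the Certbot or dehydrated projects: a dry-run planner that checks each certificate directory from post #1 with `openssl x509 -checkend` and prints the renewal command for the client that issued it. The dehydrated script path, the service name, the 30-day window, and the existence of a dns-01 hook for dehydrated are assumptions.

```shell
#!/bin/sh
# Added example: dry-run renewal planner. Paths mirror post #1; the dehydrated
# script location, service name and 30-day window are assumptions.
CERTBOT_AUTO="${CERTBOT_AUTO:-/home/name/letsencrypt/certbot-auto}"
DEHYDRATED="${DEHYDRATED:-/home/name/gitprojects/dehydrated/dehydrated}"
WEB_SERVICE="${WEB_SERVICE:-apache2}"   # httpd on other distributions
WINDOW_DAYS="${WINDOW_DAYS:-30}"

# Which client issued (and so must renew) the certificate in directory $1.
client_for() {
    case "$1" in
        /etc/letsencrypt/live/*) echo certbot-auto ;;
        */dehydrated/certs/*)    echo dehydrated ;;
        *)                       echo unknown; return 1 ;;
    esac
}

# True if PEM file $1 expires within $2 days. A missing or unreadable file
# also counts as due, so a broken path is surfaced instead of skipped.
expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Command line that renews certificates managed by client $1.
renew_command() {
    case "$1" in
        certbot-auto)
            # Hooks run only when a certificate is actually renewed.
            echo "$CERTBOT_AUTO renew --pre-hook 'systemctl stop $WEB_SERVICE'" \
                 "--post-hook 'systemctl start $WEB_SERVICE'" ;;
        dehydrated)
            # Unattended use needs a dns-01 hook script in dehydrated's config.
            echo "$DEHYDRATED --cron" ;;
        *) return 1 ;;
    esac
}

# Print, without running it, the command needed for each certificate directory.
plan_renewals() {
    for dir in "$@"; do
        client=$(client_for "$dir") || { echo "# $dir: unknown client"; continue; }
        if expires_within "$dir/cert.pem" "$WINDOW_DAYS"; then
            renew_command "$client"
        else
            echo "# $dir: not due within $WINDOW_DAYS days"
        fi
    done
}
```

Call `plan_renewals` with the two directories from post #1 and review the printed commands before placing them in a crontab.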

