How to renew existing cert on AWS LightSail WordPress

I have received this email: Your certificate (or certificates) for the names listed below will expire in 20 days (on 30 Aug 19 12:48 +0000)

I wish someone could advise the exact steps I must take to renew the cert without needing to re-install it from the beginning.

My domain is:

I ran this command:

It produced this output:

My web server is (include version): Apache2

The operating system my web server runs on is (include version): Linux

My hosting provider, if applicable, is: AWS

I can login to a root shell on my machine (yes or no, or I don’t know): Yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): No

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): Certbot

Hi @ahalimo,

What happens if you run sudo certbot renew on your server?

Thanks Schoen
Please see the attached two images showing the produced error (because it is long, I divided it into shots)

Hi @ahalimo,

This shows that you used --manual or its equivalent when you originally got your certificate. Is your certificate a wildcard? Do you know why you chose to use the manual method?

The manual authentication method requires an interactive renewal every time in which you repeat the same process that you originally used to obtain the certificate. It may not be the best choice for you if you have alternatives.

Yes, my certificate is a wildcard, and I used the manual interactive method.
What is your advice to renew the wildcard in the current manual way?
Or, what is your recommendation to re-install the certificate using the automatic method?

Appreciate your support Schoen

Do you need a wildcard certificate?

By Let’s Encrypt policy, wildcard certificates can only be obtained if you prove your control of the domain by creating DNS records. (Other options are available for non-wildcard certificates.)

This can be automated if your DNS provider has an API that allows DNS records to be created by software. Do you know if this is the case for your environment? Who is running your DNS server?

I control the DNS manually on the AWS domain zone control panel, and I did those DNS records when I issued the wildcard certificate. I do not know if (and how) AWS offers an API that allows DNS records to be created by software.
My questions are:
1- What other options are available for non-wildcard certificates?
2- Do you know if AWS has that API you referred to know?

Thanks again

For non-wildcard certificates, you can prove your control of a domain name by receiving an inbound web connection on your web server. This is usually much easier to automate.

It seems that it does if you choose to use the Amazon Route53 service.

Certbot and (among other clients) have support for the Route53 API.

If you’re not using Route53, I don’t know how to automate wildcard certificate issuance using Certbot with DNS hosted on AWS, unless you create a CNAME for the _acme-challenge DNS record to some other DNS zone hosted on a different provider that also offers a compatible DNS API.
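
Added example, not part of the original thread: a Python script that reads Certbot renewal configuration files and reports which certificates were issued with the manual authenticator and no auth hook, that is, the ones `sudo certbot renew` cannot renew unattended, as discussed above. The directory `/etc/letsencrypt/renewal` and the key names (`authenticator`, `manual_auth_hook`, `pref_challs`) are assumed from Certbot's default layout; the sample config is constructed.

```python
"""Audit Certbot renewal configs for lineages that cannot renew unattended."""
import glob
import os

# Constructed sample mirroring a wildcard lineage obtained with --manual and DNS.
SAMPLE_MANUAL = """\
# renew_before_expiry = 30 days
version = 0.31.0
cert = /etc/letsencrypt/live/example.com/cert.pem
[renewalparams]
authenticator = manual
pref_challs = dns-01,
"""

def parse_renewalparams(text):
    """Return the key/value pairs found in the [renewalparams] section."""
    params, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_section = (line == "[renewalparams]")
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            params[key.strip()] = value.strip().rstrip(",")
    return params

def renewal_status(text):
    """Classify a lineage as unknown, automatic, hooked-manual or interactive-only."""
    params = parse_renewalparams(text)
    auth = params.get("authenticator")
    if auth is None:
        return "unknown"
    if auth != "manual":
        return "automatic"  # e.g. apache, webroot, dns-route53
    # The manual plugin only runs unattended when an auth hook script is set.
    if params.get("manual_auth_hook", "None") not in ("", "None"):
        return "hooked-manual"
    return "interactive-only"

def audit(conf_dir="/etc/letsencrypt/renewal"):
    """Map each lineage name (file name without .conf) to its renewal status."""
    results = {}
    for path in sorted(glob.glob(os.path.join(conf_dir, "*.conf"))):
        with open(path, encoding="utf-8") as fh:
            results[os.path.basename(path)[:-5]] = renewal_status(fh.read())
    return results

if __name__ == "__main__":
    for name, status in audit().items():
        print(f"{name}: {status}")
```

Any lineage reported as `interactive-only` will expire unless someone repeats the DNS challenge by hand before the expiry date.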
