Is a web server required to renew a cert?


#1

I know that a web server is required to initially create a cert, but does is a web server required to be present/running to renew certs?


#2

Hi @ranch,

No, but you’ll need to prove your control over the domain names in the certificate each time the certificate is renewed, so ordinarily this is done by the same method that was used to obtain the cert. So, if you used an existing web server to obtain your certificate, you would also ordinarily use it to renew the certificate.

This isn’t true with, for example, Certbot’s --standalone method, which is meant for systems that aren’t already running a web server. And it’s also not true for DNS authentication, which involves posting TXT records in your DNS zone to prove your control over the zone.


#3

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.