My certificate is about to expire. How do I renew?


#1

Hello,

My site as a Let’s Encrypt certificate on it that expires in a month or so. I no longer have the staff on who setup the original certificate. How do I arrange renewal?

Thanks

John


#2

Do you have SSH access to the server ? are you IT literate ? Can you give us a bit of info about the server ( operating system, does it have a control panel ? if so what ? is this a shared or dedicated server ? )


#3

Hi @serverco.

Yes, I am IT literate, but am not a guru on this area by a long shot!

In answer to your questions:
Yes, I have access to cPanel.
I don’t know what the OS is.
I believe it is a shared server.
I now know what SSH is, but do not know how to access it on our server.

Would you like me to call the host and get answers to these questions?

Thanks again


#4

If it’s cpanel, and a shared server then there are likely to have been done one of 2 ways.

  1. Your host already has LE supported within the cpanel - if so it should be really easy to do, and a quick chat with the host should resolve it.

  2. you need to manually install the certificate, probably using a service like https://gethttpsforfree.com/ which is a bit more long winded and can’t be automated (so hopefully it’s method 1). With this method you follow the instructions on that website, but basically that provides some tokens you need to upload to your website, LE can then verify ownership and provide a certificate that you copy and paste into cpanel.


#5

Sorry @serverco, I must have been confusing. The certificate is installed (the host doesn’t know about it, but that’s a different story - so I suspect you method 2 was used). What I need to know is how I renew the certificate before it expires in about a month from now. Thanks!


#6

If it’s a shared server, using cpanel, you wont have the relevant access to automate the renewal of a certificate, so basically you will just need to get a new certificate every couple of months and manually install it.

If you log into your cpanel, and go to the “security” section there should be a link to SSL/TLS. click on that.

In there you should be able to generate a private key ( or one is already generated). You can also geterate the CSR in the same SSL/TLS part of cpanel. Use the public component of the private key and the CSR to paste into https://gethttpsforfree.com/

That should then give you some tokens to place on your site ( the website provides instructions) and will then issue a certificate. You can paste the certificate into the “Install and Manage” part of the SSL/TLS section in your cpanel.


#7

That’s great, thank you!

I have done the SSL/TLS part and generated a bunch of code. I can’t see which is the Public component of the Private key. I have the following headings on different boxes:

Encoded Certificate Signing Request:
Decoded Certificate Signing Request:
Encoded Key:
Decoded Key:

Which one of those do I use please?

Thanks again,

John
PS - I have to go collect kids now, so will be offline for a while!


#8

Do you have SSH / command line access to that server ? ( or another secure linux computer ). If so

openssl rsa -in account.key -pubout

where account.key is your private key will give you the public key.


#9

Ah, you’ve lost me on that part! Should I be able to run this command from cPanel?


#10

No, sorry, it’s not something you can run directly from cpanel unfortunately)


#11

Hi @serverco.

I am somewhat lost on this.

I have the Certificate Signing Request generated, but don’t have an Account Public Key. I understand from what you have said that to get this I need to enter the code “openssl rsa -in account.key -pubout” somewhere, but don’t know where and don’t know what I should substitute “account.key” for!

Are you able to tell me what I should do now?

I really appreciate your help,

John


#12

Hi John,

Ideally you need to run that command on a linux computer, hence why I was asking if you had SSH access to your “domain” or another linux computer.

You can install openssl on windows I believe, and you could run it there (in a command prompt)

The Let’s Encrypt system is, in my view, really good for where you have a dedicated server ( i.e. full access to your server ) or your host has full access to the server and supports / uses LE. In cases like yours where you don’t have root access to the server, there is a control panel of some sort on there (cpanel in your case) and your host does not support LetsEncrypt yet, then it’s not the easiest to work achieve.

There may be another route / system I’ll have a look and see if I can find it.