Renew certificate created in a different server


#1

I need to renew my SSL certificate as it is going to expire in a couple of days. When I run the ./letsencrypt-auto renew command, it returns No renewals were attempted.

Could this be because the original certificate files were created in a different server? Initially, I did generate the certificate in another server, but that server had to be abandoned due to other issues. The files were moved to the new server hosting the actual application. So, this is the reason for the renewal not working, I think.

What should I do? Can I generate a new certificate for the same domain in this server? Or is there another way of renewing? I don’t have access to the original server any more.

Also, the /etc/letsencrypt/renewal folder is empty. Should there be any configuration file present to renew the certificate?

Thanks.


#2

Hello @sridharraman,

Maybe you forgot to move /etc/letsencrypt/renewal directory from the old server or you get your certificate using letsencrypt client prior to version 0.4.0 (renewal procedure was introduced in this version).

So, you should check your current letsencrypt-auto version (keep in mind that letsencrypt client is now named certbot) and issue a new certificate for your domain using the same command you used the first time, once you get your new cert you will see a new file inside renewal for your domain and next time you try to launch ./certbot-auto renew command it will check your domain and will renew it if needed.

Note: Remind to reload/restart your webserver/application to reload the new issued cert.

Cheers,
sahsanu


#3

Hi @sahsanu, yes, I used the ./letsencrypt-auto command to generate the certificate. That’s the older version?

So, if I use certbot now, can I use it to generate for the same domain before the expiry date? Or do I need for wait it to expire?


#4

Hello @sridharraman,

letsencrypt client changed its name to certbot and now it is being developed by EFF instead of Let’s Encrypt, anyway, letsencrypt-auto should be auto updated, check what is your version ./letsencrypt-auto --version or follow the instructions on certbot web page to install certbot for your server.

Yes, you can issue a new cert for your domain even if it is not expired, no problem at all. Also, certbot will use the same directory structure to check and install your certificates (/etc/letsencrypt/) so you don’t need to change anything in your server.

Note: Just in case, remember to backup your /etc/letsencrypt/ :wink:

Cheers,
sahsanu


#5

Thanks @sahsanu. My letsencrypt version is 0.8.1. So it has the renewal procedure installed. This probably means that I forgot to move the renewal folder from the old server.

I’ll generate a new certificate to fix this. Will let you know how it goes.


#6

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.