Renew Certificate


#1

Hello,

I am new to Let’s Encrypt and setting up certificates on my web server however I just installed it successfully today.

I believe the certificate will last for 60 days after which I will need to renew and this could be done manually or automatically depending on whether you set this up on your web server.

I was looking for the information on how to do this manually - I have Apache on Debian 9 (stretch). I tried to search but could not find the right information about this. Would I also get an email notification to remind me to do it manually?

Thanks in advance!

GISVPN


#2

Issue and install the certificate using these instructions: https://certbot.eff.org/lets-encrypt/debianstretch-apache

If you do that, it will automatically renew perpetually.


#3

Maybe it would be better to say “it’s expected to automatically renew during the remainder of the supported lifetime of your operating system” (since Certbot often drops support for operating system releases when the upstream OS vendor does).


#4

Let’s Encrypt certificates are valid for 90 days. It’s recommended to start trying to renew them after about 60 days so that you have time to fix any problems that come up.

How did you install the certificates? What ACME client did you use? What command did you use? How did you install it? What version is it? How renewal works will depend on how it’s set up.


#5

Hi and thanks for the reply and clarification.

I installed the certificate using Certbot following these instructions: https://certbot.eff.org/lets-encrypt/debianstretch-apache

Regards,

GISVPN


#6

so it sounds like it will automatically renew if I followed the instructions as the process installs with a cron job?


#7

Yes, it installed a cron job (and/or a systemd timer).

As long as nothing goes wrong, your certificates will be automatically renewed. :slightly_smiling_face:

If you used “certbot certonly” to issue them, you need to add a hook to reload your software after the certificates are renewed. If you used “certbot --apache” with Apache or “certbot --nginx” with Nginx that’s taken care of automatically.


#8

great thanks - is there anyway I can check it renewed?

Does it renew on the 90th day exactly?


#9

sudo certbot certificates” will display your current certificates and their expiration dates.

You can look for renewals in the voluminous logs in /var/log/letsencrypt/.

By default, Certbot will try to renew certificates starting 30 days before they expire.


#10

thanks for all the details! Appreciate the info/help


closed #11

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.