Renew existing non-Let's Encrypt certificate

Hi,

I have a certificate, which wasn't issued by Let's Encrypt, expiring soon.
We're having trouble with the company validation and I'm not sure it will be solved before the certificate expires.

I'd like to use Let's Encrypt for this domain, to avoid an SSL certificate error in clients' browsers.
I want to prepare the Let's Encrypt certificate on the web server (Apache on Linux).

When I use certbot certonly --apache -d xxxxx.fr, certbot asks about updating the key type to ECDSA.
I absolutely don't want to change the existing certificate pair which is still valid.

Can I generate the Let's Encrypt certificate alongside the existing one?
I'd like to be able to switch certificates in a few days if our situation with the company validation hasn't been solved.

Thanks,

Sure! You can use the --cert-name option with a different name than your existing certificate as the value, so Certbot has the new cert as a separate lineage.

However, I'm a little bit puzzled, as you're talking about "company validation", which to me suggests a certificate issuance other than using the ACME protocol. So I'm wondering, where does the certificate already known to Certbot come from? You can check all current certificates using the option sudo certbot certificates.

5 Likes
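
An added example, not part of the original posts: a small shell sketch that reads `certbot certificates` output, lists the lineages that already cover a domain, and prints a `certonly` command whose `--cert-name` does not collide with any of them. The sample output, the function names and the `<domain>-new` naming scheme are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of `certbot certificates` output. On a real host use:
#   CERTS=$(sudo certbot certificates 2>/dev/null)
CERTS='Found the following certs:
  Certificate Name: example.fr
    Key Type: RSA
    Domains: example.fr www.example.fr
    Expiry Date: 2030-01-01 00:00:00+00:00 (VALID: 60 days)
    Certificate Path: /etc/letsencrypt/live/example.fr/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.fr/privkey.pem
  Certificate Name: example.fr-new
    Key Type: ECDSA
    Domains: shop.example.fr
    Expiry Date: 2030-02-01 00:00:00+00:00 (VALID: 80 days)
    Certificate Path: /etc/letsencrypt/live/example.fr-new/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.fr-new/privkey.pem'

# lineages_for DOMAIN: print "name keytype" for each lineage listing DOMAIN.
# Certbot versions that print no "Key Type" line are reported as "unknown".
lineages_for() {
  printf '%s\n' "$CERTS" | awk -v d="$1" '
    function emit() { if (hit) print name, kt }
    /Certificate Name:/ { emit(); name = $3; kt = "unknown"; hit = 0 }
    /Key Type:/         { kt = $3 }
    /Domains:/          { for (i = 2; i <= NF; i++) if ($i == d) hit = 1 }
    END                 { emit() }'
}

# fresh_name BASE: print BASE, or BASE-2, BASE-3, ... if the name is taken.
fresh_name() {
  printf '%s\n' "$CERTS" | awk -v base="$1" '
    /Certificate Name:/ { used[$3] = 1 }
    END { n = base; i = 1; while (n in used) { i++; n = base "-" i }; print n }'
}

# plan DOMAIN: print (not run) a certonly command that creates a new lineage
# under an unused name, leaving the existing lineages untouched.
plan() {
  echo "certbot certonly --apache --cert-name $(fresh_name "$1-new") -d $1"
}

lineages_for example.fr   # existing lineage(s) already covering the domain
plan example.fr           # command to review before running it with sudo
```

After issuance, `sudo certbot certificates` should list both lineages, each with its own files under /etc/letsencrypt/live/.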

Oh, you're right. I was actually bothered by that too, because the existing SSL certificate linked to the website was issued by Sectigo, and I didn't get how Certbot could see it!
The sudo certbot certificates just refreshed my memory. I DID use Let's Encrypt for this website during the deployment period and I just forgot about it.
Well, aha. I was anxious about this one, but I already have a Let's Encrypt certificate.
Thank you so much.

4 Likes
