Using certbot to replace an existing SSL certificate?

I set up my server to be able to use certbot but I haven't fully installed it yet. I'm on Step 7 of these instructions: Certbot - Debianbuster Apache

The documentation reads as if the user doesn't already have an SSL certificate but I do. Therefore, my question is...

Is it safe to run sudo certbot --apache in order to replace my current certificate or should I perform some manual steps beforehand?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. |, so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:

It produced this output:

My web server is (include version):
Apache 2
The operating system my web server runs on is (include version):
Debian 10
My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don't know):
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):

It should work, if certbot can understand your current Apache configuration. Assuming your Apache configuration isn't weird or incorrect, this should be the case.

Certbot will get a new certificate and will store it in /etc/letsencrypt/, so your current certificate won't be overwritten (assuming it wasn't a certificate previously stored in /etc/letsencrypt/). The only thing certbot should do after it gets the new certificate, is update the references to the previous certificate in your Apache configuration to the new certificate.

Thanks! I was nervous about deploying it but just did now and it seems to have worked perfectly. Hooray!

You should still be able to find your previous certificate at its own location :slight_smile:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.