Imagine you are getting this alert from your system mentioning that your Let’s Encrypt certificate is expiring soon.
Assuming you already have Open SSL installed and Let’s Encrypt SSL setup using CertBot; the certificate renewal can be done with just one single command through the bash terminal. But before that, let me once again introduce you to the common terms we are discussing in this article,
- OpenSSL – A robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. Refer: https://www.openssl.org/
- Let’s Encrypt – A nonprofit Certificate Authority providing TLS certificates for free. Refer: https://letsencrypt.org/
- Certbot – An open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS. Refer : https://certbot.eff.org/
- SSH – SSH protocol (also referred to as Secure Shell) is a method for secure remote login from one computer to another. Refer: www.ssh.com
Steps to manually renew an expiring Let’s Encrypt SSL:
Step 1: First login to your VPS / Cloud Instances like AWS EC2, GCP Instance, Digital Ocean, Linode or Vultr through SSH.
Step 2: Once you are logged in to your machine, excute the following single command.
Bash> sudo certbot renew
With the above command your Let’s Encrypt SSL cert will be renewed in a minute. It’s that simple and easy. The tool CertBot is what is making all these steps easy and simple. So use CertBot while using lets encrypt and make domain ssl renewal simple.
However, you can make it even more simpler, just autorenew Let’s encrypt free SSL. It can be easily done by adding this to a CRON.
Steps to autorenew
Outlined are the steps to automate this process, so that you dont need to do this manually each time the cert nears expiry.
Step 1: First login to the machine as root
Step 2: Excute the following command to open the cron tab
Bash> crontab -e
Step 3: Now you are inside the cron file. Append the following below command line to that file
0 * * * * sudo certbot renew
This command asks the system to run “Sudo cerbot renew” once a day to check if the cert is expiring in the next 30 days and if any is expiring it will push to renew the certificate.
Step 4: Save and exit. Hurray, we have automated the SSL renewal!!
By following the above steps, you can Autorenew Let’s Encrypt free SSL automatically. The automated solution will save you from remembering when the cert is next expiring and from the pain of manual renewal.