How can I renew Let’s Encrypt certificates?

Let’s Encrypt is a free and open certificate authority that provides SSL/TLS certificates. The certificates it issues are trusted by most browsers and platforms, such as Internet Explorer and Windows XP. Moreover, it fully automates the tasks of issuing and renewing certificates.

Here we have a blog post that covers the process of renewing installed certificates for multiple domain names with the help of Let’s Encrypt.

How Does Let’s Encrypt Operate?

Let’s Encrypt first validates the ownership of a domain and only then issues a certificate for it. The client running on your server creates a token file using information provided by Let’s Encrypt. Afterward, the Let’s Encrypt server makes an HTTP request to fetch that file, and the token gets validated. Further, the Let’s Encrypt server verifies the domain's DNS records. This process works for all kinds of servers, including web servers, mail servers, VPS servers, etc.

Manually Renew Let’s Encrypt Certificates for NGINX Servers

On NGINX, an SSL/TLS certificate is generated with the certbot NGINX wizard. Once you have installed the Python certbot NGINX plugin, you can use the following certbot command to generate the certificate:

sudo certbot --nginx

To manually renew an SSL/TLS certificate using certbot, use the following command:

sudo certbot renew --nginx

After you enter this command, certbot prompts you with the steps for the renewal. You can renew certificates that expire in less than 30 days. Once a certificate is renewed, it is valid for 90 days.

NGINX reloads on its own, so you do not need to stop or start it yourself. Visitors to the site automatically get the renewed certificate once certbot renew has completed successfully.

Automatic renewal of SSL certificates for NGINX

Setting up automatic renewal avoids manual work: a server admin does not have to keep logging in to the server to renew certificates.

This task is accomplished with cron, a utility that schedules jobs on Unix and similar operating systems. When you install certbot, a cron file is automatically installed at /etc/cron.d/certbot. If the file was not created, create it with the following content:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root certbot -q renew --nginx

The five schedule fields must be separated by spaces, followed by the user the job runs as (root). With this entry, cron runs the renewal every 12 hours and the certificates served by NGINX are renewed automatically. The ‘-q’ flag runs certbot quietly, silencing all output except errors.

Manual SSL/TLS Certificates Renewal for Apache Webserver

Renewing the SSL/TLS certificate on an Apache web server is quite similar to renewing it on NGINX. The only differences between these web servers are the installation of certificates and the command used to renew them.

On an Apache web server, the certbot Apache wizard generates the certificates for your domains with the following command:

sudo certbot --apache

After the Let’s Encrypt certificate is installed, the next task is to set it up for renewal. The manual command to complete the process is:

sudo certbot renew --apache

Certbot will prompt you with further steps for a successful installation. Follow them, and your certificates will be renewed. To confirm the renewal, check that the domain shows the HTTPS indicator in the browser.

Automatic renewal of Let’s Encrypt SSL certificates for Apache Web Server

To manage the automatic renewal of SSL certificates, you need a cron file. When certbot is installed, the file /etc/cron.d/certbot is created, which enables automatic renewal.

If it is not available, create it with the following content to set up the auto-renewal process:

SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
0 */12 * * * root certbot -q renew --apache
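
A scheduled renewal can stop working without anyone noticing, so the cron entries in both the NGINX and Apache sections are worth pairing with an independent expiry check. The script below is an added example, not part of the original article or of certbot; it lists every certificate that is already inside the 30-day renewal window. It assumes openssl is installed and that certificates are stored as <dir>/<name>/cert.pem, the layout certbot uses under /etc/letsencrypt/live; the function names are hypothetical and the demo certificates are constructed.

```shell
#!/bin/sh
# Added example: list certificates inside certbot's 30-day renewal window,
# i.e. ones the cron job should already have replaced.
# Assumption: certs are stored as <dir>/<name>/cert.pem, the layout certbot
# uses under /etc/letsencrypt/live.

WINDOW_DAYS=30   # page: renewal is possible once < 30 days remain

# expires_within FILE DAYS: exit 0 if FILE expires within DAYS days.
# A missing or unparsable file is flagged too (fail closed).
expires_within() {
    # -checkend N exits 0 only if the cert is still valid N seconds from now
    if openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null 2>&1; then
        return 1
    fi
    return 0
}

# overdue_certs DIR: print the name of every <name>/cert.pem under DIR
# that expires within WINDOW_DAYS.
overdue_certs() {
    for cert in "$1"/*/cert.pem; do
        [ -e "$cert" ] || continue
        if expires_within "$cert" "$WINDOW_DAYS"; then
            basename "$(dirname "$cert")"
        fi
    done
}

# make_sample_cert FILE DAYS: constructed self-signed certificate for the demo
make_sample_cert() {
    mkdir -p "$(dirname "$1")"
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" \
        -subj "/CN=sample.invalid" -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Demo on constructed data: one cert 10 days from expiry, one fresh 90-day cert
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/stale.example/cert.pem" 10
make_sample_cert "$demo_dir/fresh.example/cert.pem" 90
overdue_certs "$demo_dir"   # prints: stale.example
rm -rf "$demo_dir"
```

On a real server, call overdue_certs /etc/letsencrypt/live as root from a separate scheduled job; any output means the renewal job is not doing its work.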

Conclusion

The purpose of repeatedly renewing the SSL/TLS certificate is to validate a website’s identity. With the certificate, users can rest assured that their encryption is up to date and that their data is safe in transit. Most certificates expire after 90 days, but one can renew them after 60 days.

This article has summed up how to renew your TLS/SSL certificates using the certbot command. With these methods, you can renew your certificates both manually and automatically.
