Renew Letsencrypt Certificate - Ubuntu
June 4, 2024•380 words
Let's Encrypt certificate expiration
ssh onto the machine where the certificate needs renewing.
First stop the web server as it will interfere with the renewal process:-
$ sudo systemctl stop nginx
The do a dry run to check that everything is in order:-
$ sudo certbot renew --dry-run
If all goes well you should see something like:-
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stroud.social-0001.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for stroud.social
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/stroud.social.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Simulating renewal of an existing certificate for stroud.social
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Congratulations, all simulated renewals succeeded:
/etc/letsencrypt/live/stroud.social-0001/fullchain.pem (success)
/etc/letsencrypt/live/stroud.social-0001/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Then it is safe to perform the renewal:-
$ sudo certbot renew
and if all goes well, restart the web server:-
$ sudo systemctl start nginx
then verify the certificate details on the site with a web browser.