DEV Community

Cover image for How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line
Codever profile image Adrian Matei
Adrian Matei for Codever

Posted on • Edited on • Originally published at codever.dev

How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line

#security #letsencrypt #codever #snippets

At Codever we use Let's Encrypt to generate our SSL Certificates 🙏 ❤️

First list available certificates with the following command sudo certbot certificates. Should look something like the following:

$ sudo certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: codever.dev Domains: codever.dev www.codever.dev Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem Certificate Name: codever.land Domains: codever.land www.codever.land Expiry Date: 2021-12-21 13:06:54+00:00 (VALID: 19 days) Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Select the Certificate Name from the list and do a dry run before executing the actual command, with the help of --dry-run flag - e.g. sudo certbot renew --cert-name codever.land --dry-run. The result should look something like the following:

sudo certbot renew --cert-name codever.land --dry-run Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/codever.land.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for codever.land http-01 challenge for www.codever.land Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/codever.land/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates below have not been saved.) Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/codever.land/fullchain.pem (success) ** DRY RUN: simulating 'certbot renew' close to cert expiry ** (The test certificates above have not been saved.) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Execute the actual renewal by removing the --dry-run flag

$ sudo certbot renew --cert-name codever.land Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /etc/letsencrypt/renewal/codever.land.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Cert is due for renewal, auto-renewing... Plugins selected: Authenticator nginx, Installer nginx Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org Renewing an existing certificate Performing the following challenges: http-01 challenge for codever.land http-01 challenge for www.codever.land Waiting for verification... Cleaning up challenges - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - new certificate deployed with reload of nginx server; fullchain is /etc/letsencrypt/live/codever.land/fullchain.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded. The following certs have been renewed: /etc/letsencrypt/live/codever.land/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Use the sudo cerbot certificates command to verify the validity and check the new expiration date:

$ sudo certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: codever.dev Domains: codever.dev www.codever.dev Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem Certificate Name: codever.land Domains: codever.land www.codever.land Expiry Date: 2022-03-02 11:18:39+00:00 (VALID: 89 days) Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Shared with ❤️ from Codever. 👉 use the copy to mine functionality to add it to your personal snippets collection.

Top comments (0)