How to Renew Let’s Encrypt SSL Certificate on Linux

Looking for a way to renew Let’s Encrypt SSL certificate on Linux?

While there are many ways to renew the Let’s Encrypt SSL certificate, some can be long and complex. 

Worry not, as in this post, I will provide the easiest and quickest approach that can help you renew the Let’s Encrypt SSL certificate immediately.

Let’s jump in!

What Is the Need to Renew Let’s Encrypt SSL Certificate?

There are many benefits to the Let’s Encrypt SSL certificate, and it is mandatory to renew it.

If you’re unsure about the renewal, here are some key advantages:

1. Regular renewal ensures the highest level of website security
2. Maintains trust with visitors by showing an active, valid certificate
3. Prevents browsers from displaying a “Not Secure” warning
4. Let’s Encrypt promotes automation, making renewals hassle-free
5. Renewal ensures you’re using the latest encryption standards
6. SSL/TLS can improve website load times with HTTP/2
7. Search engines may prioritize sites with active SSL
8. Ensures ongoing encryption of user data and transactions on your website

With that in mind, let’s proceed to the prerequisites in order to renew a Let’s Encrypt SSL certificate.

What You’ll Need

As we are about to deal with the Let’s Encrypt SSL certificate on Linux, ensure you have the prerequisites below for seamless certificate renewal:

1. A fully functioning Linux distribution
2. Ensure the server’s clock is correctly set (guide)
3. Ensure you have a fully qualified domain name (FQDN)
4. Ensure the python-pip package is installed (guide)
5. Ensure the firewall does not block Let’s Encrypt’s verification servers (guide)
6. Ensure you have proper administrative privileges (Root or Sudo) (guide)
7. A stable internet connection

How to Renew Let’s Encrypt SSL Certificate on Linux: Step-by-Step

Step 1: Install Certbot on Linux

1. Now what’s Certbot, you may be asking? Well, it’s a free, open-source software tool designed to effortlessly deploy Let’s Encrypt certificates on websites you manage manually, enabling HTTPS. Before you can use Certbot to renew the Let’s Encrypt SSL certificate, it’s best to check if you already have it installed on your machine. You can check this by running the following command:

sudo certbot --version

2. If you find the output stating “sudo: certbot: command not found,” then it means the Certbot isn’t installed. So, install Certbot by running the following command:

sudo pip install certbot certbot-nginx

3. After installing Certbot, ensure you create a symlink for the proper functioning of Certbot using the below command:

sudo ln -s /opt/certbot/bin/certbot/usr/bin/certbot

You might get an error message if the symbolic link already exists or if there’s an error. Otherwise, it returns to the terminal ready to process a new command.

Step 2: Renew your Let’s Encrypt SSL Certificate with Certbot

Certbot can look for the certificates up for renewal, and you don’t have to worry about specifying the domain name.

Hence, follow the steps below to renew your certificate:

1. Open the terminal and enter the below command to renew the certificate:

sudo certbot renew

2. As you can see in the previous screenshot, the website is not due for renewal, and If it is due, you will find an output like below:

3. While Certbot performs auto checks for renewals, it can renew specific or multiple certificates. Here are commands for both:

Renew Specific certificate: sudo certbot renew --cert-name <your_domain_name_here>

Renew Multiple certificates: sudo certbot renew --cert-name <your_domain_name_here>,<your_domain_name_here>

There are no additional steps, and the output remains the same if you manually renew a certificate using Certbot.

However, if you’re worried that there could be any issues, then performing a test would be useful, which we will cover next.

Step 3: Test the Renewal of the Let’s Encrypt SSL Certificate

1. Open the terminal and type in the below command to test the renewal process without renewing the certificate. Refer to the sample output below for a better understanding:

sudo certbot renew --dry-run

From the output screenshot, you can notice that the renewal isn’t done but simulated. In this process, if there’s any error, you will be shown accordingly so that you can resolve them prior.

With the above steps, you have successfully tested and renewed the Let’s Encrypt certificate. 

The next step (which is the last step) involves the process of updating the Let’s Encrypt certificate to reflect these changes.

Also Read: How to Secure Apache with Let’s Encrypt SSL Certificate on CentOS 8

Step 4: Update your Let’s Encrypt Certificate

1. Before proceeding with this step, ensure you have renewed your Let’s Encrypt Certificate without errors. If done, enter the below command to update your certificate as you have made changes to your website’s configuration:

sudo certbot certonly --force-renewal -d <your_domain_name_here>

2. If you have multiple certificates to update, enter the below command. While entering the command, ensure you add a “-d flag” for every domain name so it doesn’t generate an error:

sudo certbot certonly --force-renewal -d <your_domain_name> -d <your_domain_name> 

You can use the above command without the “–-force-renewal” flag, but it is important to include it.

This is because it forces the Certbot to issue a new certificate even if the current certificate is still valid for safety purposes. 

Conclusion

Congratulations on renewing the Let’s Encrypt SSL certificate on Linux!

While the above steps might seem easy, it is important to get them right and cross-check each output to ensure that there are no errors.

If you’re stuck with any step or having issues with the above approaches, you may reach out to the Let’s Encrypt Community Support or EFF Certbot for better assistance.