DEV Community

Cover image for How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line
Codever profile image Adrian Matei
Adrian Matei for Codever

Posted on • Updated on • Originally published at codever.dev

How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line

#security #letsencrypt #codever #snippets

At Codever we use Let's Encrypt to generate our SSL Certificates πŸ™ ❀️

First list available certificates with the following command sudo certbot certificates. Should look something like the following:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2021-12-21 13:06:54+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Select the Certificate Name from the list and do a dry run before executing the actual command, with the help of --dry-run flag - e.g. sudo certbot renew --cert-name codever.land --dry-run. The result should look something like the following:

sudo certbot renew --cert-name codever.land --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Execute the actual renewal by removing the --dry-run flag

$ sudo certbot renew --cert-name codever.land

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Use the sudo cerbot certificates command to verify the validity and check the new expiration date:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2022-03-02 11:18:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Shared with ❀️ from Codever. πŸ‘‰ use the copy to mine functionality to add it to your personal snippets collection.

Top comments (0)

Read next

devh0us3 profile image

For developers: you must not require needs passwords from users

Alex P -

danhof profile image

Securing Your Site: Obtain an SSL Certificate with Let’s Encrypt When Your ISP Blocks Port 80

Daniel Hofman -

spo0q profile image

Security: Why the "XZ backdoor" is worrying

spO0q πŸ¦„ -

logeshn21 profile image

COMMON VULNERABILITIES: REENTRANCY PART β€” I

Logesh N -