PREREQUISITES
1. Run
sudo apt-get update
to download and refresh package information from all configured sources.
2. Run
sudo apt-get install python3-certbot-nginx
to install the Certbot client which is used in managing SSL/TLS certificates with the Nginx web server.
NON-WILDCARD SSL RENEWAL
For domains that do not require a wildcard certificate, use the command below:
Run
sudo certbot --nginx -m example@gmail.com -d domain.ddns.net
Replace example@gmail.com with your own email and domain.ddns.net with the domain you are renewing the SSL certificate for.
Wildcard SSL Certificate Renewal (if you are using a non-wildcard domain, skip steps 1a and 1b)
Run
sudo certbot certonly --manual --preferred-challenges=dns --email example@gmail.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d domain.ddns.net -d "*.domain.ddns.net"
Replace example@gmail.com with your own email and both domain.ddns.net and "*.domain.ddns.net" with the domain you are renewing the SSL certificate for.
1a. At this point, on the terminal, enter "A" to accept the terms or "C" to cancel the process, then hit Enter.
1b. This step allows redirecting HTTP to the new HTTPS. There are two options to choose from:
a. Type 2 (highly recommended) and hit Enter.
b. Type 1 to disallow the redirect and hit Enter.
EXTRAS
- Run
sudo service nginx restart
to ensure Nginx reloads and picks up the new configuration.
- Run
sudo certbot renew --dry-run
to test manual renewal of the SSL certificate before its expiry; with --dry-run, Certbot only simulates the renewal and does not save a new certificate.
- To check your available certs and expiration dates, run
sudo certbot certificates
Step 2 is Not Recommended.
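One way to act on the output of sudo certbot certificates, as an added example that is not from the original post: the function below reads that output and lists every certificate that is invalid or has fewer than a given number of days left. The sample output, the extra domain names and the function name certs_needing_renewal are constructed for illustration; the status strings follow the format Certbot prints.

```shell
#!/bin/sh
# Added example: flag certificates that are expired or close to expiry,
# based on the text output of `sudo certbot certificates`.

# Constructed sample output (not from a real server); names are placeholders.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: domain.ddns.net
    Domains: domain.ddns.net *.domain.ddns.net
    Expiry Date: 2030-01-10 08:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/domain.ddns.net/fullchain.pem
  Certificate Name: shop.example.test
    Domains: shop.example.test
    Expiry Date: 2030-03-20 08:00:00+00:00 (VALID: 81 days)
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2029-11-01 08:00:00+00:00 (INVALID: EXPIRED)
EOF
}

# certs_needing_renewal THRESHOLD_DAYS
# Reads `certbot certificates` output on stdin and prints "name status" for
# each certificate that is INVALID or has fewer than THRESHOLD_DAYS left.
certs_needing_renewal() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            # Expired, revoked or test certificates are reported as INVALID.
            if ($0 ~ /\(INVALID/) { print name, "INVALID"; next }
            # Under one day left, Certbot reports hours; count that as 0 days.
            if ($0 ~ /\(VALID: [0-9]+ hour/) {
                days = 0
            } else if (match($0, /\(VALID: [0-9]+ day/)) {
                # "(VALID: " is 8 characters and " day" is 4.
                days = substr($0, RSTART + 8, RLENGTH - 12) + 0
            } else {
                next
            }
            if (days < limit) print name, days "d"
        }
    '
}

# On a real server: sudo certbot certificates | certs_needing_renewal 30
sample_output | certs_needing_renewal 30
```

A non-empty result is a signal to run the renewal steps above for the listed names.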
Conclusion
The process of SSL certificate renewal is a critical aspect of maintaining a secure and trustworthy online presence. In this post, we explored the steps needed to renew SSL certificates on an Ubuntu server, which is a very important aspect of server management in terms of securing data transmissions, establishing trust with visitors, and improving search engine rankings.