DEV Community

Cover image for How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line
Codever profile image Adrian Matei
Adrian Matei for Codever

Posted on • Updated on • Originally published at codever.dev

How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line

#security #letsencrypt #codever #snippets

At Codever we use Let's Encrypt to generate our SSL Certificates 🙏 ❤️

First list available certificates with the following command sudo certbot certificates. Should look something like the following:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2021-12-21 13:06:54+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Select the Certificate Name from the list and do a dry run before executing the actual command, with the help of --dry-run flag - e.g. sudo certbot renew --cert-name codever.land --dry-run. The result should look something like the following:

sudo certbot renew --cert-name codever.land --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Execute the actual renewal by removing the --dry-run flag

$ sudo certbot renew --cert-name codever.land

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Use the sudo cerbot certificates command to verify the validity and check the new expiration date:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2022-03-02 11:18:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Shared with ❤️ from Codever. 👉 use the copy to mine functionality to add it to your personal snippets collection.

Top comments (0)

Read next

wyattdave profile image

Power Platform - DLP Policies

david wyatt -

aws-cloudsec profile image

Issue 38 of AWS Cloud Security Weekly

AJ -

devopsadventurer profile image

Bridging Code and Security: Unveiling the Power of DevSecOps

Marc Khaled -

jadijadi profile image

Unveiling the xz Utils Backdoor which deliberately opens our SSH connections for RCEs

Jadi -