DEV Community

Cover image for How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line
Codever profile image Adrian Matei
Adrian Matei for Codever

Posted on • Updated on • Originally published at codever.dev

How to renew Let's Encrypt ssl certificate with certbot for nginx in the command line

#security #letsencrypt #codever #snippets

At Codever we use Let's Encrypt to generate our SSL Certificates 🙏 ❤️

First list available certificates with the following command sudo certbot certificates. Should look something like the following:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2021-12-21 13:06:54+00:00 (VALID: 19 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Select the Certificate Name from the list and do a dry run before executing the actual command, with the help of --dry-run flag - e.g. sudo certbot renew --cert-name codever.land --dry-run. The result should look something like the following:

sudo certbot renew --cert-name codever.land --dry-run
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-staging-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates below have not been saved.)

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
** DRY RUN: simulating 'certbot renew' close to cert expiry
**          (The test certificates above have not been saved.)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Execute the actual renewal by removing the --dry-run flag

$ sudo certbot renew --cert-name codever.land

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Processing /etc/letsencrypt/renewal/codever.land.conf
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Cert is due for renewal, auto-renewing...
Plugins selected: Authenticator nginx, Installer nginx
Starting new HTTPS connection (1): acme-v02.api.letsencrypt.org
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for codever.land
http-01 challenge for www.codever.land
Waiting for verification...
Cleaning up challenges

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
new certificate deployed with reload of nginx server; fullchain is
/etc/letsencrypt/live/codever.land/fullchain.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/codever.land/fullchain.pem (success)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Use the sudo cerbot certificates command to verify the validity and check the new expiration date:

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: codever.dev
    Domains: codever.dev www.codever.dev
    Expiry Date: 2022-03-02 11:13:46+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.dev/privkey.pem
  Certificate Name: codever.land
    Domains: codever.land www.codever.land
    Expiry Date: 2022-03-02 11:18:39+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/codever.land/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/codever.land/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Enter fullscreen mode Exit fullscreen mode

Shared with ❤️ from Codever. 👉 use the copy to mine functionality to add it to your personal snippets collection.

Top comments (0)

Read next

zerogru profile image

[picoctf] Scan Surprise writeup

zerogru -

lulu_liu_c90f973e2f954d7f profile image

SafeLine WAF: The Ultimate Lightweight Web Application Firewall for Security

Lulu -

best_codes profile image

Top 5 AI Models YOU Can Run Locally on YOUR Device! 🤯

Best Codes -

arbythecoder profile image

Day 28 - Secure Your Kubernetes Deployments: A Beginner's Guide to Anchore

Arbythecoder -