More than 80 days have passed since I first created SSL certificates with Let’s Encrypt (see: Switching my SSL certificates to Let’s Encrypt). And since the certificates are only valid for 90 days it was nice of Let’s Encrypt to remind me that I need to renew my certificates:
I have Let’s Encrypt certificates for this blog (andykdocs.de) and the markdown server software that runs my blog (allmark.io).
The steps for renewing these certificates are quite simple and the command options are well documented at Let’s Encrypt » How It Works:
- Connect to your server
Goto the folder where you downloaded the letsencrypt client
Pull the latest version of the letsencrypt client
git pull origin master
Stop your server that is running on port 443 because the letsencrypt client will start a server on its own to verify that you control that IP address.
Start the renewal process
./letsencrypt-auto certonly -t --standalone --keep -d www.andykdocs.de,andykdocs.de
The new certificates are placed in
root@andykdocs:/etc/letsencrypt/live# tree . |-- www.allmark.io | |-- cert.pem -> ../../archive/www.allmark.io/cert2.pem | |-- chain.pem -> ../../archive/www.allmark.io/chain2.pem | |-- fullchain.pem -> ../../archive/www.allmark.io/fullchain2.pem | `-- privkey.pem -> ../../archive/www.allmark.io/privkey2.pem `-- www.andykdocs.de |-- cert.pem -> ../../archive/www.andykdocs.de/cert2.pem |-- chain.pem -> ../../archive/www.andykdocs.de/chain2.pem |-- fullchain.pem -> ../../archive/www.andykdocs.de/fullchain2.pem `-- privkey.pem -> ../../archive/www.andykdocs.de/privkey2.pem 2 directories, 8 files root@andykdocs:/etc/letsencrypt/live#
Copy the certificate and the private key to you server folder and restart the server.
Here is a quick video of me renewing the SSL certificates for allmark.io:
… since this process is so easy my next post will be about how to automate the certificate renewal process.