Renewing Let's Encrypt SSL certificates

Renewing my Let's Encrypt SSL certificates for the first time
created by on 2016-01-30

More than 80 days have passed since I first created SSL certificates with Let’s Encrypt (see: Switching my SSL certificates to Let’s Encrypt). And since the certificates are only valid for 90 days it was nice of Let’s Encrypt to remind me that I need to renew my certificates:

Screenshot of the Let's Encrypt SSL certificate expiration reminder e-mail

I have Let’s Encrypt certificates for this blog ( and the markdown server software that runs my blog (

The steps for renewing these certificates are quite simple and the command options are well documented at Let’s Encrypt » How It Works:

  1. Connect to your server
  2. Goto the folder where you downloaded the letsencrypt client

    cd /usr/local/src/letsencrypt
  3. Pull the latest version of the letsencrypt client

    git pull origin master
  4. Stop your server that is running on port 443 because the letsencrypt client will start a server on its own to verify that you control that IP address.

  5. Start the renewal process

    ./letsencrypt-auto certonly -t --standalone --keep -d,

    Screenshot of the Let's Encrypt renewal command output

  6. The new certificates are placed in /etc/letsencrypt/live/<your-domain>

    root@andykdocs:/etc/letsencrypt/live# tree
    |    |-- cert.pem -> ../../archive/
    |    |-- chain.pem -> ../../archive/
    |    |-- fullchain.pem -> ../../archive/
    |    `-- privkey.pem -> ../../archive/
            |-- cert.pem -> ../../archive/
            |-- chain.pem -> ../../archive/
            |-- fullchain.pem -> ../../archive/
            `-- privkey.pem -> ../../archive/
    2 directories, 8 files
  7. Copy the certificate and the private key to you server folder and restart the server.

Here is a quick video of me renewing the SSL certificates for

Let's Encrypt SSL certificate renewal

… since this process is so easy my next post will be about how to automate the certificate renewal process.