Renewing Let's Encrypt SSL certificates

Renewing my Let's Encrypt SSL certificates for the first time
created by on 2016-01-30

More than 80 days have passed since I first created SSL certificates with Let’s Encrypt (see: Switching my SSL certificates to Let’s Encrypt). And since the certificates are only valid for 90 days it was nice of Let’s Encrypt to remind me that I need to renew my certificates:

Screenshot of the Let's Encrypt SSL certificate expiration reminder e-mail

I have Let’s Encrypt certificates for this blog (andykdocs.de) and the markdown server software that runs my blog (allmark.io).

The steps for renewing these certificates are quite simple and the command options are well documented at Let’s Encrypt » How It Works:

  1. Connect to your server
  2. Goto the folder where you downloaded the letsencrypt client

    cd /usr/local/src/letsencrypt
    
  3. Pull the latest version of the letsencrypt client

    git pull origin master
    
  4. Stop your server that is running on port 443 because the letsencrypt client will start a server on its own to verify that you control that IP address.

  5. Start the renewal process

    ./letsencrypt-auto certonly -t --standalone --keep -d www.andykdocs.de,andykdocs.de
    

    Screenshot of the Let's Encrypt renewal command output

  6. The new certificates are placed in /etc/letsencrypt/live/<your-domain>

    root@andykdocs:/etc/letsencrypt/live# tree
    .
    |-- www.allmark.io
    |    |-- cert.pem -> ../../archive/www.allmark.io/cert2.pem
    |    |-- chain.pem -> ../../archive/www.allmark.io/chain2.pem
    |    |-- fullchain.pem -> ../../archive/www.allmark.io/fullchain2.pem
    |    `-- privkey.pem -> ../../archive/www.allmark.io/privkey2.pem
    `-- www.andykdocs.de
            |-- cert.pem -> ../../archive/www.andykdocs.de/cert2.pem
            |-- chain.pem -> ../../archive/www.andykdocs.de/chain2.pem
            |-- fullchain.pem -> ../../archive/www.andykdocs.de/fullchain2.pem
            `-- privkey.pem -> ../../archive/www.andykdocs.de/privkey2.pem
    
    
    2 directories, 8 files
    root@andykdocs:/etc/letsencrypt/live#
    
  7. Copy the certificate and the private key to you server folder and restart the server.

Here is a quick video of me renewing the SSL certificates for allmark.io:

Let's Encrypt SSL certificate renewal

… since this process is so easy my next post will be about how to automate the certificate renewal process.

Shortlink:
Tags: