This is a blog about “ How to Renew an SSL Certificate with CERTBOT”.
My website was running successfully until I faced an issue where my SSL Certificate got expired, I googled and searched for blogs and posts to renew the SSL certificate. Then I found a solution of how to renew the SSL certificate with CERTBOT.
What is an SSL Certificate?
SSL stands for Secure Sockets Layer, a global standard security technology that enables encrypted communication between a web browser and a web server. SSL is the backbone of our secure Internet and it protects your sensitive information as it travels across the world’s computer networks.
Why SSL Certificate?
The primary reason why SSL is used is to keep sensitive information sent across the Internet encrypted so that only the intended recipient can access it. When an SSL certificate is used, the information becomes unreadable to everyone except for the server you are sending the information to.
Certbot is part of EFF’s effort to encrypt the entire Internet. Certbot is an easy-to-use client that fetches a certificate from Let’s Encrypt—an open certificate authority launched by the EFF, Mozilla, and others—and deploys it to a web server.
How to renew SSL Certificate using Certbot?
To renew SSL Certificate, run the following command to test the Certificate renewal,
sudo certbot certonly -d domainname -w renew-folder –dry-run
- -d indicates the domain name, for which domain you are renewing the certificate.
- renew-folder is the place where your certificate is stored after renewal.
- –dry-run flag is used to test whether the certificate is renewal is accomplished.
If you want to use the same certificate for two domains use the below command,
sudo certbot certonly -d example.com -d www.example.com -w /etc –dry-run
Once you run the command the certbot will ask you for four options.
1: Obtain certs using a DNS TXT record (if you are using DigitalOcean for DNS).
2: Nginx Web Server plugin (nginx)
3: Spin up a temporary web server (standalone)
4: Place files in webroot directory (webroot)
this blog will explain to you about renewing SSL certificate with digital ocean, click 1 and press enter, this will ask you for the INI file location,
Input the path to your DigitalOcean credentials INI file (Enter ‘c’ to cancel)
Before entering the .ini file location you should create your API key in the digital ocean.
- Create a hidden directory in your folder,
mkdir .certificate cd .certificate
- Create a file named digitalocean.ini, and save your API key here,
dns_digitalocean_token = API KEY
- Change the permission of the file
chmod 600 .certificate/digitalocean.ini
Run the command,
sudo certbot certonly -d www.example.com -w /etc –dry-run
once you get the success message, run the command without –dry-run your certificate will get renewed.