How To Renew A Let’s Encrypt Certificate

Let’s Encrypt is a fantastic new, free service that allows one to get a free SSL certificate to make one’s site on HTTPS. Let’s encrypt certificates only last a few months, so they must be renewed from time to time. This article will discuss, step-by-step, how to renew a Let’s Encrypt certificate

A Few Assumptions For This Article

This article assumes that you already have certbot installed, that you already have HTTPS working for your site, that you are using Apache or Nginx, and that you have an SSL certificate for your site. If you don’t already have a Let’s Encrypt certificate, then read our article here about how to set one up.

Step 1: Make sure your system is up-to-date

Before we begin with the update, it is a very good idea to make sure that the system is up-to-date, just in case, for example, there is a new version of certbot that you should upgrade to. To do this simply type
sudo apt-get update && sudo apt-get upgrade -y

Step 2: Use certbot command to open up program and choose to renew for your domain

If you are using Apache, type the following command:
sudo certbot --apache

Or if you are using Nginx, type the following command:
sudo certbot --nginx

From here, you will see all of your domains hosted on the server. You will need to pick which domain you want to renew. Personally, I only ever renew one domain at a time, and its subdomains, just to be safe.

I will choose to renew both. My site and its subdomain, www.linuxwebdevelopment.com were options 3 and 4, so I inputted 3,4 for the input.

Step 3: Choose to Actually Renew And Replace The Certificate

The next step is fairly easy. It gives you a choice of
1. Attempt to reinstall this existing certificate
2. Renew & replace the cert (limit ~5 per 7 days)

You should choose option 2. Input 2 into the terminal.

Step 4: Choose Whether to allow both HTTP and HTTPS, or force all requests as HTTPS

There are also 2 options in this step. You will have to choose between allowing both HTTP and HTTPS, or just HTTPS. Personally, I always choose option 2, forcing everything as HTTPS because it is more secure, and probably better for SEO. (Note though. If you do it this way, and later your certificate gets messed up, it is possible your whole site could go down.)

Step 5: A Successful Install

After a successful renewal, you will see a message like the one below.

Lastly, it is a good idea to check your site with https://www.ssllabs.com/ssltest/analyze.html to make sure there are no major problems with your certificate that you should fix.

What did you think of this article? Do you have anything to add? Let’s discuss it in the comments below.