Access to a reliable and secure online environment is no longer a luxury. Nothing seems impossible now that the internet connects all corners of the globe. The internet and its numerous protocols have spurred the creation of e-learning, video conferencing, gaming, and other platforms that link people from all over the world. Regardless of how much we laud the internet, its legitimacy is meaningless without security.
Let’s Encrypt is a non-profit certificate authority providing free TLS (Transport Layer Security) encryption certificates for various domain names.
Because internet consumers prefer to browse SSL-secured websites (HTTPS) over unsecured websites (HTTP), internet-based apps and platforms must evaluate the authenticity of Let’s Encrypt SSL certificates to keep their reputation.
Let’s Encrypt uses SSL (Secure Sockets Layer) to protect active HTTPS connections against unauthorized data intrusions. In such cases, only the client and server can interact with sent data in an unencrypted manner.
Renewing the Let’s Encrypt certificate on Ubuntu
In this guide, I will illustrate how to renew the Let’s Encrypt certificate on your Ubuntu OS. For illustration purposes, I will be using Ubuntu 22.04.
We shall be using the two methods below to renew the Let’s Encrypt certificate:
- Automatically renew the Let’s Encrypt certificate on Ubuntu
- Manually renewing the Let’s Encrypt certificate on Ubuntu
Method 1: Automatically renew the Let’s Encrypt certificate on Ubuntu
The client certbot handles the installation, maintenance, and automatic renewal of Let’s Encrypt certificates by default. Before we proceed with this article segment, please confirm that you satisfy the following requirements:
- Let’s Encrypt is installed on your Linux machine.
- Your Linux server is updated.
- DNS records for your domain name are correctly set.
- You have a domain name that is registered and operating for your website or web app.
We no longer need to keep track of our SSL certificate’s expiration dates using the auto-renew option. For example, if we want the auto-renewal to occur once a month, we will navigate to the crontab.
sudo crontab -e
And append the following information at the bottom of the file.
0 0 1 * * /opt/letsencrypt/letsencrypt-auto renew
A crontab item should also be added to update Let’s Encrypt automatically.
0 0 1 * * cd /opt/letsencrypt && git pull
That’s it. Your Let’s Encrypt certificate will auto-renew.
Method 2: Manually renew the Let’s Encrypt certificate on Ubuntu
Let’s Encrypt installs, manages, and automatically renews the certificates it provides using the client Certbot. If your certificate does not renew automatically on your OS, you may manually renew it at any time by running the following:
sudo certbot renew
If you have numerous certificates for various domains and wish to renew one of them, use the following:
certbot certonly --force-renew -d fosslinux.com
Note: fosslinux.com has been used as an example of a domain to be registered. Therefore, ensure you input the right domain to avoid random errors.
The –force-renew parameter tells Certbot to seek a new certificate with the exact domains as an existing certificate. The -d parameter allows you to renew certificates for several domains simultaneously.
To ensure that the certificate has been renewed, execute the following:
sudo certbot renew --dry-run
If the command returns no errors, the renewal process is successful.
Renewing your certificate certifies the identification of your website. It ensures that the encryption you utilize is up to date, keeping user data safe while in transit. Let’s Encrypt certificates are supposed to expire every 90 days, although they should be renewed every 60 days. This is done to improve security by reducing the harm caused by a compromised key and promoting automated renewal methods. We have successfully demonstrated how to manually or automatically renew Let’s Encrypt SSL certificates. I hope you found this article tutorial useful. Please leave a remark or feedback. Thanks for reading.