Question

How to renew certificate

Posted November 9, 2021 138 views
WordPress, DigitalOcean Droplets

Hello.

I have my WordPress site in a droplet.

The staging site has been offline for a while and the certificate failed to renew on time. I brought it up for some testing and it didn’t update. OK, I thought it was too late. I generated one manually yesterday using certbot and the certificate is there, but the site is still using the old one. I already restarted the droplet twice and stopped-started the docker service. No changes.

So, my questions are:

  1. How can I make the server use this certificate and not the old one?
  2. My production site certificate will expire in a few days and hasn’t renewed either. Will a “certbot renew” be enough, or is it the same issue?

Any advice?

Thanks in advance.

1 answer

Hello, @sarariobom

If you’ve installed certbot, it should run regularly on a cron job to make sure all SSLs are automatically renewed.

To test the renewal process, you can do a dry run with certbot:

  • sudo certbot renew --dry-run

If you see no errors, you’re all set. When necessary, Certbot will renew your certificates and reload Apache to pick up the changes. If the automated renewal process ever fails, Let’s Encrypt will send a message to the email you specified, warning you when your certificate is about to expire.

You can find the information in our tutorial as well:

https://www.digitalocean.com/community/tutorials/how-to-secure-apache-with-let-s-encrypt-on-ubuntu-20-04#step-5-%E2%80%94-verifying-certbot-auto-renewal

Regards,
Alex

by Erika Heidi
Let's Encrypt is a Certificate Authority (CA) that facilitates obtaining and installing free TLS/SSL certificates, thereby enabling encrypted HTTPS on web servers. Currently, the entire process of obtaining and installing a certificate is fully automated on both Apache and Nginx with the use of Certbot. In this guide, we'll use Certbot to obtain a free SSL certificate for Apache on Ubuntu 20.04, and make sure this certificate is set up to renew automatically.
  • Hello.

    Thanks, but it is not that easy.

    When I did the renew option, I got an error that the .conf file is not a valid symlink (although the content looks fine).
    I tried to create a new one and got “Certbot doesn’t know how to automatically configure the web server on this system. However, it can still get a certificate for you.” That’s why I did it with the certonly option.

    After I cleared /etc/letsencrypt/live, archive and renewal folders, I successfully generated a new one and now renew works.

    My issue is in which folder this should be, or what conf I’m missing for this certificate to replace the old one. Because the site is still using the old one.

    • Hello, @sarariobom

      You can check the Apache config file and the virtual host for the domain name. To check this, open the virtual host file for your domain using nano or your preferred text editor:

      • sudo nano /etc/apache2/sites-available/your_domain.conf

      In the config you will see which SSL files are loaded; then replace the current/old ones with the new SSL certificate files.

      Regards,
      Alex

      • This installation was done in a creative way for sure.

        The certificate I replaced was on Linux, but I needed to update it inside the docker.

        I found the issue (and later was able to solve it) by running docker-compose up.

        Thank you for your feedback.

        • I’m glad that you’ve sorted this! Also thanks for sharing how you’ve managed to resolve the issue as this can help other users too!

          Regards,
          Alex