Renewing a Let's Encrypt certificate for Nginx
If having a SSL certificate was once a nice-to-have shiny thingy, nowadays it's almost mandatory for every any kind of respectful website. And with Free SSL/TSL certificates offered for free by Let's Encrypt it would be a shame not to add one to your website, even if it's just a personal blog like this one.
The process of adding a Let's Encrypt certificate is not that hard, even if you don't really know what you are doing. The only downside is the expiry dates of the certificates: only three months. After this period, they have to be renewed (still free though, so do not worry).
The best way to fix this problem would be to set up a cron job. But if by any reason this is not possible, a manual renewal is quite trivial.
Since Let's Encrypt warns you by mail before any of your certificates are about to expire, keep an eye on your inbox. When the time is near, log into your server via ssh and to these 3 simple steps:
- stop your nginx server, so your ports will be available
sudo service nginx stop
- run the renewal command
certbot-auto renew
In case you run into the Certbot: command not found error, try using
./certbot-auto renew
This will automatically renew all the certificates on your server that are about to expire.
- last but not least, start up nginx again
sudo service nginx start
If everything goes well, you should see a message congratulating you! Woohoo~
And in case you somehow still manage to forget the renewal command, just make a blog post like this one and go back to it in times of need :)