Renewing a Let’s Encrypt certificate

Three months have passed, and it’s time to renew this site’s Let’s Encrypt certificate. Fortunately, the Let’s Encrypt team has added a simpler renewal process since the certificates for this site were first generated.

First, you’ll need to update the Let’s Encrypt client to the latest version:

cd path/to/letsencrypt
git remote update

If you’re using Cloudflare, pause the website for each domain you’re going to renew.

cloudflare_paused

Back on your own server, stop your HTTP service (maybe you’ll need sudo):

service nginx stop

or

service apache2 stop

Then (maybe as sudo, depending on how you installed the Let’s Encrypt client):

./letsencrypt-auto renew

That should do the trick.

Restart your HTTP service (service nginx start), un-pause your sites/domains at Cloudflare, and you should be good to go.

You could automate the Let’s Encrypt certificate renewal process by putting the renew command into a cron task, and setting it to run every 60 days, but if you’re using Cloudflare, you’ll also need to deactivate and reactivate the service via their API. It looks like this Ruby script could do the trick.

Leave a Reply

Your email address will not be published.