Renewing Let’s Encrypt SSL certificate

13 Jul, 2017 Tools 0

The other day I have received an email from the Let’s Encrypt Expiry Bot stating that my SSL certificate for the domain name lucaslouca.com is about to expire.

In this post I have extensively described how to setup a WordPress blog on an EC2 instance along with a Let’s Encrypt SSL certificate.

Since I don’t want my visitors to encounter any errors when visiting my site I had to renew my SSL certificate. Here are the commands I used to renew my certificate:

Before I run letsencrypt, I temporarily disabled /var/www/html/.htaccess:

# mv /var/www/html/.htaccess /var/www/html/.htaccess_

1 2	# mv /var/www/html/.htaccess /var/www/html/.htaccess_

Run the letsencrypt command:

# /usr/local/letsencrypt/letsencrypt-auto renew --force-renew

1 2	# /usr/local/letsencrypt/letsencrypt-auto renew --force-renew

with output:

Requesting root privileges to run certbot...
  /home/ec2-user/.local/share/letsencrypt/bin/letsencrypt renew --force-renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Processing /etc/letsencrypt/renewal/lucaslouca.com.conf
-------------------------------------------------------------------------------
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for lucaslouca.com
Waiting for verification...
Cleaning up challenges

-------------------------------------------------------------------------------
new certificate deployed without reload, fullchain is
/etc/letsencrypt/live/lucaslouca.com/fullchain.pem
-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/lucaslouca.com/fullchain.pem (success)

Requesting root privileges to run certbot...

/home/ec2-user/.local/share/letsencrypt/bin/letsencrypt renew --force-renew

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------

Processing /etc/letsencrypt/renewal/lucaslouca.com.conf

-------------------------------------------------------------------------------

Renewing an existing certificate

Performing the following challenges:

http-01 challenge for lucaslouca.com

Waiting for verification...

Cleaning up challenges

-------------------------------------------------------------------------------

new certificate deployed without reload, fullchain is

/etc/letsencrypt/live/lucaslouca.com/fullchain.pem

-------------------------------------------------------------------------------

Congratulations, all renewals succeeded. The following certs have been renewed:

/etc/letsencrypt/live/lucaslouca.com/fullchain.pem (success)

Enabled /var/www/html/.htaccess again:

# mv /var/www/html/.htaccess_ /var/www/html/.htaccess

1 2	# mv /var/www/html/.htaccess_ /var/www/html/.htaccess

Finally, go ahead and restart your web server:

# service httpd restart

1 2	# service httpd restart

UPDATE
In case the above method does not work anymore, please try:

# sudo su -
# mv /var/www/html/.htaccess /var/www/html/.htaccess_
# rm -rf /opt/eff.org/*
# pip install -U certbot
# certbot renew --debug
# mv /var/www/html/.htaccess_ /var/www/html/.htaccess
# service httpd restart

# sudo su -

# mv /var/www/html/.htaccess /var/www/html/.htaccess_

# rm -rf /opt/eff.org/*

# pip install -U certbot

# certbot renew --debug

# mv /var/www/html/.htaccess_ /var/www/html/.htaccess

# service httpd restart

Or use the following commands to create new ones

# certbot certonly -d fizzbuzzer.com -d www.fizzbuzzer.com -d fullbeef.com -d www.fullbeef.com

1 2	# certbot certonly -d fizzbuzzer.com -d www.fizzbuzzer.com -d fullbeef.com -d www.fullbeef.com

Looking for good programming challenges?

Renewing Let’s Encrypt SSL certificate