Programster's Blog

Tutorials focusing on Linux, programming, and open-source

Renew SSL Certificates On Debian 10 Using Certbot

Prerequisites

All the methods below require you to have installed Certbot which can be done by running:

sudo apt-get install certbot -y

Website - Automatic Renewal

The following instructions show you how to use certbot to automatically update the SSL certificate on your Apache/nginx web server. This assumes certbot is running on the web server itself, and that there is just one web server, or that this is the single reverse proxy.

Install the plugin for certbot to work with Apache.

sudo apt-get install python-certbot-apache -y

... Alternatively, if you are using nginx:

sudo apt-get install python-certbot-nginx -y

Have certbot install SSL certificates for your site (this will need to be the server these domains actually point to).

DOMAIN_1="www.mydomain.com"
DOMAIN_2="mydomain.com"
sudo certbot --apache -d "$DOMAIN_1" -d "$DOMAIN_2"

If you installed the nginx plugin, use --nginx in place of --apache. If you have just one domain, specify a single -d; if you have three, specify three -d parameters. You get the gist.

Automatically Renew

To configure certbot to automatically renew your certificates, edit your cronjobs with:

sudo crontab -e

Add a line to try to renew the certificates daily:

@daily /usr/bin/certbot renew --quiet

Manual DNS Based Method

This manual method doesn't use Docker, but allows you to specify the key size and will provide a DNS record for you to manually enter and check for, before proceeding. Thus, this action can be run on any computer, not necessarily the one that the domain is on.

Steps

Now you can use certbot to request an SSL certificate through a DNS challenge.

DOMAIN="my.domain.com"

sudo certbot certonly \
  --manual \
  --rsa-key-size 2048 \
  --preferred-challenges dns \
  --debug-challenges \
  -d "$DOMAIN"
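
Before letting certbot proceed, it helps to confirm that the TXT record it asked for is actually being served. The script below is an added example, not part of the original post; it assumes dig (from the dnsutils package) is installed, and the script name, resolver addresses and value in its usage line are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post). Resolver addresses and the
# sample values in the usage line are assumptions.

# Name of the TXT record certbot asks for. A wildcard such as *.domain.com
# is validated at the base name, so strip a leading "*." first.
challenge_name() {
    base=${1#\*.}
    printf '_acme-challenge.%s\n' "$base"
}

# Read `dig +short TXT` output on stdin (one quoted string per line) and
# succeed only if a record equals the expected value exactly. Exact matching
# keeps a stale record from an earlier attempt from passing the check.
txt_has_token() {
    expected=$1
    while IFS= read -r line || [ -n "$line" ]; do
        value=${line#\"}
        value=${value%\"}
        [ "$value" = "$expected" ] && return 0
    done
    return 1
}

# Ask each resolver for the record; fail if any of them lacks the value.
check_propagation() {
    domain=$1
    token=$2
    shift 2
    name=$(challenge_name "$domain")
    missing=0
    for resolver in "$@"; do
        if dig +short TXT "$name" "@$resolver" | txt_has_token "$token"; then
            echo "ok      $resolver"
        else
            echo "MISSING $resolver"
            missing=1
        fi
    done
    return "$missing"
}

# Usage: sh check-acme-txt.sh my.domain.com VALUE_FROM_CERTBOT 1.1.1.1 8.8.8.8
if [ "$#" -ge 3 ]; then
    check_propagation "$@"
fi
```

Run it from a second terminal while certbot is waiting, and only continue in certbot once every resolver reports ok.
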
Last updated: 25th April 2022
First published: 19th January 2021