Renew SSL Certificates On Debian 10 Using Certbot
Prerequisites
All the methods below require you to have installed Certbot, which can be done by running:
sudo apt-get install certbot -y
Website - Automatic Renewal
The following instructions show how to use certbot to automatically update the SSL certificate on your Apache/nginx web server. This assumes certbot is running on the web server itself, and that there is just a single web server, or that this is the single reverse proxy.
Install the plugin for certbot to work with Apache.
sudo apt-get install python-certbot-apache -y
... Alternatively, if you are using nginx:
sudo apt-get install python-certbot-nginx -y
Have certbot install SSL certificates for your site (this will need to be the server these domains actually point to).
DOMAIN_1="www.mydomain.com"
DOMAIN_2="mydomain.com"
sudo certbot --apache -d "$DOMAIN_1" -d "$DOMAIN_2"
Pass one -d per domain: if you have 3, then specify 3 x -d parameters. You get the gist.
Automatically Renew
To configure certbot to automatically renew your certificates, edit your cronjobs with:
sudo crontab -e
Add a line to try to renew the certificates daily:
@daily /usr/bin/certbot renew --quiet
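The script below is an added example (not part of the original post) for checking that the daily renewal is actually working: it warns when a certificate under certbot's default /etc/letsencrypt/live directory is closer to expiry than a healthy renewal schedule would allow. The 21-day threshold, the script name check-certs.sh and the LIVE_DIR override are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): flag certbot certificates that
# should already have been renewed. LIVE_DIR is certbot's default layout;
# the 21-day threshold is an assumption (certbot renews at 30 days left).
LIVE_DIR="${LIVE_DIR:-/etc/letsencrypt/live}"

# cert_expires_within FILE DAYS: succeeds if FILE expires within DAYS days,
# or cannot be parsed at all (an unreadable cert is also worth a warning).
cert_expires_within() {
    ! openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# check_renewals DIR DAYS: prints one status line per lineage under DIR and
# returns non-zero if any certificate is inside the warning window.
check_renewals() {
    dir="$1"; days="$2"; stale=0
    for cert in "$dir"/*/cert.pem; do
        [ -f "$cert" ] || continue          # glob matched nothing
        name=$(basename "$(dirname "$cert")")
        if cert_expires_within "$cert" "$days"; then
            end=$(openssl x509 -in "$cert" -noout -enddate 2>/dev/null | cut -d= -f2)
            echo "WARN $name expires ${end:-unknown}"
            stale=$((stale + 1))
        else
            echo "OK   $name"
        fi
    done
    [ "$stale" -eq 0 ]
}

# Run as: sudo sh check-certs.sh --check [DAYS]
case "${1:-}" in
    --check) check_renewals "$LIVE_DIR" "${2:-21}" ;;
esac
```

The non-zero exit status on any WARN line lets a monitoring job or a second cron entry alert on it.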
Manual DNS Based Method
This manual method doesn't use Docker, but lets you specify the key size and gives you a DNS record to enter manually and check for before proceeding. Because of this, it can be run on any computer, not necessarily the one that the domain is hosted on.
Steps
Now you can use certbot to request an SSL certificate through a DNS challenge.
DOMAIN="my.domain.com"
sudo certbot certonly \
--manual \
--rsa-key-size 2048 \
--preferred-challenges dns \
--debug-challenges \
-d "$DOMAIN"
First published: 19th January 2021