HTTPS (Secure Sockets Layer) certificates expire about 90 days after they were issued or last renewed. I've set up several machines to renew on a schedule, but newer machines might not have been added to that list, or tower might be down on occasion.

For this reason, here are the instructions for renewing existing certificates only.

Log on to the machine in question via SSH:

`ssh ubuntu@IPorDNS`

Become root:

`sudo -i`

Confirm the certificate needs to be renewed:

`certbot certificates`

This tells you not only when the certificate expires, but also which URLs are part of the certificate. A missing URL can be another reason for HTTPS not working.

If you need to renew the certificate, certbot demands that Apache is turned off while it works:

`systemctl stop apache2`

Then you can renew the certificate:

`certbot renew`

If there are no errors, you can turn Apache back on:

`systemctl start apache2`

Of note, certbot doesn't allow a renewal until the last 30 days of the certificate's life. The renew will simply no-op if the certificate still has over 30 days left.
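The "confirm the certificate needs to be renewed" step can be scripted. The following is an added example, not part of the original instructions: it reads `certbot certificates` output and reports which certificates are inside the 30-day window and whether a given hostname is covered. The function names are hypothetical, the `.test` hostnames and sample output are constructed, and it assumes certbot's usual `Certificate Name:`, `Domains:` and `Expiry Date: ... (VALID: N days)` lines.

```shell
#!/bin/sh
# Added example: helpers for reading `certbot certificates` output.

# Print the names of certificates that are expired or have fewer than
# $1 days left (default 30, the window in which `certbot renew` acts).
# Reads `certbot certificates` output on stdin.
renewal_due() {
    awk -v window="${1:-30}" '
        /Certificate Name:/ { name = $NF }
        /Expiry Date:/ {
            # Expired, or less than a day left (reported in hours).
            if ($0 ~ /INVALID|VALID: [0-9]+ hour/) { print name; next }
            if (match($0, /VALID: [0-9]+ day/)) {
                # Skip "VALID: " (7 chars) and drop the trailing " day".
                days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                if (days < window) print name
            }
        }'
}

# Succeed if hostname $1 is listed on any "Domains:" line read from stdin.
# A hostname missing here is the "other reason for HTTPS not working".
covers_host() {
    awk -v host="$1" '
        /Domains:/ { for (i = 2; i <= NF; i++) if ($i == host) found = 1 }
        END { exit !found }'
}

# Constructed sample of `certbot certificates` output (not from a real host).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: www.example.test
    Domains: www.example.test example.test
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 61 days)
  Certificate Name: shop.example.test
    Domains: shop.example.test
    Expiry Date: 2030-01-11 10:00:00+00:00 (VALID: 12 days)
  Certificate Name: old.example.test
    Domains: old.example.test
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
EOF
}
```

On a real machine, run it as root with `certbot certificates | renewal_due` or `certbot certificates | covers_host your.host.name`.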