| ... | ... | @@ -4,28 +4,40 @@ For this reason, here is the instruction to only renew existing certificates. |
|
|
|
|
|
|
|
Log on to the machine in question via ssh
|
|
|
|
|
|
|
|
`ssh ubuntu@IPorDNS`
|
|
|
|
```bash
|
|
|
|
ssh ubuntu@IPorDNS
|
|
|
|
```
|
|
|
|
|
|
|
|
Upgrade to root
|
|
|
|
|
|
|
|
`sudo -i`
|
|
|
|
```bash
|
|
|
|
sudo -i
|
|
|
|
```
|
|
|
|
|
|
|
|
Confirm the certificate needs to be renewed
|
|
|
|
|
|
|
|
`certbot certificates`
|
|
|
|
```bash
|
|
|
|
certbot certificates
|
|
|
|
```
|
|
|
|
|
|
|
|
This will not only tell you when the certificate expires, but also which urls are part of the certificate, which can be another reason for https not working.
|
|
|
|
|
|
|
|
If you need to renew the certificate, certbot demands that apache is turned off while it works.
|
|
|
|
|
|
|
|
`systemctl stop apache2`
|
|
|
|
```bash
|
|
|
|
systemctl stop apache2
|
|
|
|
```
|
|
|
|
|
|
|
|
Then you can renew the certificate
|
|
|
|
|
|
|
|
`certbot renew`
|
|
|
|
```bash
|
|
|
|
certbot renew
|
|
|
|
```
|
|
|
|
|
|
|
|
If there's no errors, you can turn apache back on
|
|
|
|
|
|
|
|
`systemctl start apache2`
|
|
|
|
```bash
|
|
|
|
systemctl start apache2
|
|
|
|
```
|
|
|
|
|
|
|
|
Of note, certbot doesn't allow a renew until the last 30 days of the certificate. The renew will just no-op if it still has over 30 days. |
