sudo apt-get update
to download and upgrade package information from all configured sources.
sudo apt-get install python3-certbot-nginx
to install the Certbot client which is used in managing SSL/TLS certificates with the Nginx web server.
NON-WILDCARD SSL RENEWAL
For domains which do not require the use of wildcard domains make use of the command below;
sudo certbot --nginx -m firstname.lastname@example.org -d domain.ddns.net
replace the email@example.com with your own email and domain.ddns.net with the domain you are renewing the SSL for.
Wildcard SSL Certificate Renewal ( if you are using a non-wild card domain then skip step 1a and 1b )
sudo certbot certonly --manual --preferred-challenges=dns --email firstname.lastname@example.org --server https://acme-v02.api.letsencrypt.org/directory --agree-dos -d domain.ddns.net -d "*.domain.ddns.net"
replace the email@example.com with your own email and both domain.ddns.net and ("*.domain.ddns.net") with the domain you are renewing the SSL for.
1a. At this point on the terminal enter "A" to accept terms and "C" to cancel the process and hit Enter.
1b. This step is to allow redirect of HTTP to the new HTTPS. There are two options to choose from;
a. Enter type 2 => Highly recommended and hit enter.
b. Enter type 1=> To disallow redirect and hit enter.
sudo service nginx restart
to ensure the Nginx would reload and pick up the new configurations.
sudo certbot renew --dry-run
to manually renew the SSL certificate before its expiry.
- To check your available certs and expiration dates, run
sudo certbot certificates
Step 2 is Not Recommended.
The process of SSL certificate renewal is a critical aspect of maintaining a secure and trustworthy online presence. In this post, we explored the steps needed for the renewal of SSL certificates on an Ubuntu server which is very important aspect of server management in terms of securing data transmissions, establishing trust with visitors, and improving search engine rankings