How to renew a “standalone” certbot certificate and update in OpenLiteSpeed

certbot-logo

Note: As soon as I need to install a new certificate for some new domain, this post will be edited and we will have a “How to install a ‘standalone’ certbot certificate”. But for now, just renewal.

After the first certificate is configured, your email will be linked to this certificate and close to the expiration date, you will receive a notice about the need for renewal, sent automatically by let`s encrypt, something like this:

After the email arrives, we have to access the server where the certificate will be stored. Once accessed, we run the following commands:
sudo certbot certonly --force-renew -d domain.com

Don’t forget to change “domain.com” to the domain you want to renew.

At this point, you will be asked to indicate whether you want to renew using a temporary webserver or place the files in the domain directory.
What’s the difference? I’m not sure about that, but I read (or I think I read) that the first option needs another server running to generate the certification files (maybe locally with several ‘localhosts’ works), but as my domain is already hosted and I don’t have another server (or I don’t know how to do it) I chose option 2.

If all goes well, you will receive the message that the new certificate has been generated and the folder where the files were placed will be indicated:

In my case /etc/letsencrypt/live/adielsefr.in-0001/. Note that a -0001 appeared after the domain, as the first certificate was stored in /etc/letsencrypt/live/adielseffr.in/.
At the next renewal I count if a new folder is created at each renewal, but I believe so.

As the directory that stores the certificate has changed, one of the alternatives is to update our webserver. Possibly here the paths change a little if you use Apache or Nginx, but I use OpenLiteSpeed, so the process looks like:

Go to your webserver homepage and look for the “Virtual Hosts” tab.

Main menu from do OpenLiteSpeed

Under “Virtual Hosts”, find the domain for which you issued the certificate and click to view its details:

Virtual Hosts list

In this section, look for “SSL” tab:

SSL tab

Here, change the folder from the old certificate to the new one:

First(old) certificate address
Updated(new) certificate address

After that, do a “Graceful Restart” and you’re all set!

Graceful Restart

Now you can go to your website, click on the padlock in the address bar and check the date of issue and expiration of your certificate.

Certificate data – emission e expiracy dates updated

Repeat the process for each domain you want to renew.

Leave a Reply

Your email address will not be published. Required fields are marked *