Note: As soon as I need to install a new certificate for some new domain, this post will be edited and we will have a “How to install a ‘standalone’ certbot certificate”. But for now, just renewal.
After the first certificate is configured, your email will be linked to this certificate and close to the expiration date, you will receive a notice about the need for renewal, sent automatically by let`s encrypt, something like this:
sudo certbot certonly --force-renew -d domain.com
Don’t forget to change “domain.com” to the domain you want to renew.
At this point, you will be asked to indicate whether you want to renew using a temporary webserver or place the files in the domain directory.
What’s the difference? I’m not sure about that, but I read (or I think I read) that the first option needs another server running to generate the certification files (maybe locally with several ‘localhosts’ works), but as my domain is already hosted and I don’t have another server (or I don’t know how to do it) I chose option 2.
If all goes well, you will receive the message that the new certificate has been generated and the folder where the files were placed will be indicated:
In my case /etc/letsencrypt/live/adielsefr.in-0001/. Note that a -0001 appeared after the domain, as the first certificate was stored in /etc/letsencrypt/live/adielseffr.in/.
At the next renewal I count if a new folder is created at each renewal, but I believe so.
As the directory that stores the certificate has changed, one of the alternatives is to update our webserver. Possibly here the paths change a little if you use Apache or Nginx, but I use OpenLiteSpeed, so the process looks like:
Go to your webserver homepage and look for the “Virtual Hosts” tab.
Under “Virtual Hosts”, find the domain for which you issued the certificate and click to view its details:
In this section, look for “SSL” tab:
Here, change the folder from the old certificate to the new one:
After that, do a “Graceful Restart” and you’re all set!
Now you can go to your website, click on the padlock in the address bar and check the date of issue and expiration of your certificate.
Repeat the process for each domain you want to renew.