In my previous article I showed you how to use Let's Encrypt to secure a production Apex instance. This is especially important when you have a web-facing Apex instance. The only issue with free Let's Encrypt SSL certificates is that they expire in 6 months, so they have to be renewed.
Though Let's Encrypt has an automatic way to renew SSL certificates, I always prefer to do it manually, especially when it is for a production instance.
Let's go ahead and renew the SSL certificates which were created in the previous article.
Step 1. Renew the Let's Encrypt certificate
$ cd /etc/letsencrypt/
$ ./certbot-auto certonly --force-renew --webroot /home/whadev/public_html --cert-name whadev.whitehat-staging.com.au
Input the webroot for whadev.whitehat-staging.com.au: (Enter 'c' to cancel): /home/whadev/public_html
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/whadev.whitehat-staging.com.au/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/whadev.whitehat-staging.com.au/privkey.pem
   Your cert will expire on 2019-04-09. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot-auto
   again. To non-interactively renew *all* of your certificates, run
   "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:
   Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
   Donating to EFF: https://eff.org/donate-le

Go to directory /etc/letsencrypt/live/whadev.whitehat-staging.com.au to verify.
Step 2. Generate a new PFX file from the certificates already renewed by certbot
$ cd /etc/letsencrypt/live/whadev.whitehat-staging.com.au
$ openssl pkcs12 -export -out bundle.pfx -inkey privkey.pem -in cert.pem -certfile chain.pem -password pass:yourpassword
Step 3. Copy the PFX file to the Apache Tomcat directory (optional step, since my Tomcat 9 is installed under another user)
$ cp -p /etc/letsencrypt/live/whadev.whitehat-staging.com.au/bundle.pfx /home/oracle/apache-tomcat/webapps
Step 4. Restart Apache Tomcat
Now you can see that the Let's Encrypt certificate is renewed on your site.
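The checks behind Steps 1 to 3, as an added example that is not part of the original article: it confirms that the copied PFX really contains the renewed cert.pem, that the certificate is not close to expiry, and that the bundle (which holds the private key) is not readable by group or other. The PFX_PASS environment variable, the function names and the make_sample helper are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. Assumes the PFX password is in
# the PFX_PASS environment variable (keeps it off the command line).

# SHA-256 fingerprint of a PEM certificate file.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# SHA-256 fingerprint of the leaf certificate stored inside a PFX file.
pfx_fingerprint() {
    openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:PFX_PASS 2>/dev/null |
        openssl x509 -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}

# True if the PFX holds exactly the certificate in the PEM file, i.e. Step 2
# was run after the renewal and not against a stale cert.pem.
pfx_matches_cert() {
    want=$(pem_fingerprint "$1" 2>/dev/null)
    got=$(pfx_fingerprint "$2")
    [ -n "$want" ] && [ "$want" = "$got" ]
}

# True if the certificate stays valid for at least $2 more days.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# True if group and other have no access to the file (it holds the private key).
owner_only() {
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Constructed sample: self-signed certificate and PFX in directory $1, valid
# for $2 days, so the checks can be tried without touching /etc/letsencrypt.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=sample.invalid" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -out "$1/bundle.pfx" -inkey "$1/privkey.pem" \
        -in "$1/cert.pem" -passout env:PFX_PASS
}

# Usage: PFX_PASS=... sh check_renewal.sh <live-dir> <copied-pfx> [min-days]
if [ "$#" -ge 2 ]; then
    pfx_matches_cert "$1/cert.pem" "$2" || { echo "PFX does not contain $1/cert.pem"; exit 1; }
    valid_for_days "$1/cert.pem" "${3:-30}" || { echo "certificate expires too soon"; exit 1; }
    owner_only "$2" || { echo "$2 is accessible to group/other"; exit 1; }
    echo "renewed certificate, PFX and permissions OK"
fi
```

The same env: form also works for the export in Step 2 (`-passout env:PFX_PASS`), which keeps the password out of the process list and shell history.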