Dev Notes

Various Cheat Sheets and Resources by David Egan/Carawebs.

Upgrading Letsencrypt Auto to Certbot


LetsEncrypt, SSL, Server
David Egan

To upgrade from an older LetsEncrypt to Certbot on Ubuntu 14.04, install Certbot and run the auto-upgrading script.

Install Certbot

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Move the script to a suitable location:

sudo mv certbot-auto /opt

Run the Installer

Move into the containing directory and run the installer:

cd /opt
./certbot-auto

Renew Certs

Certbot picks up on existing configurations pretty well. To run the auto-renew dialog:

sudo ./certbot-auto renew

# or:

sudo ./certbot-auto renew --dry-run

This brings up an ncurses window.

Note that all domains on the server will be pre-selected for domain renewal.

Be careful here - if you inadvertently leave a domain selected where the site hasn’t been set up for SSL, you can end up with a broken site. This is because all internal links will be pointing to the “http://” version, and Certbot will have created and enabled a vhosts configuration for the “https://” version.

After selecting domains for cert renewal/registration, you will also get the option to choose whether HTTPS access is required or optional. “Required” is generally a good choice.

Success message:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert
   will expire on 2016-12-12. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again with
   the "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

comments powered by Disqus