Dev Notes

Software Development Resources by David Egan.

Upgrading Letsencrypt Auto to Certbot


LetsEncrypt, SSL, Server
David Egan

To upgrade from an older LetsEncrypt to Certbot on Ubuntu 14.04, install Certbot and run the auto-upgrading script.

Install Certbot

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

Move the script to a suitable location:

sudo mv certbot-auto /opt

Run the Installer

Move into the containing directory and run the installer:

cd /opt
./certbot-auto

Renew Certs

Certbot picks up on existing configurations pretty well. To run the auto-renew dialog:

sudo ./certbot-auto renew

# or:

sudo ./certbot-auto renew --dry-run

This brings up an ncurses window.

Note that all domains on the server will be pre-selected for domain renewal.

Be careful here - if you inadvertently leave a domain selected where the site hasn’t been set up for SSL, you can end up with a broken site. This is because all internal links will be pointing to the “http://” version, and Certbot will have created and enabled a vhosts configuration for the “https://” version.

After selecting domains for cert renewal/registration, you will also get the option to choose whether HTTPS access is required or optional. “Required” is generally a good choice.

Success message:

IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at
   /etc/letsencrypt/live/example.com/fullchain.pem. Your cert
   will expire on 2016-12-12. To obtain a new or tweaked version of
   this certificate in the future, simply run certbot-auto again with
   the "certonly" option. To non-interactively renew *all* of your
   certificates, run "certbot-auto renew"
 - If you like Certbot, please consider supporting our work by:

   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le

comments powered by Disqus