This site runs best with JavaScript enabled.

Updating LetsEncrypt SSL Cert Remotely

Photo by Tim Gouw on Unsplash


When you can't get things to run properly on your server, do it on your dev machine!

I have a certain website application that I have not properly maintained. It is running Django 1.something on Python 2.7. It also using WordPress on PHP5. I'm sure the Postgres and MySQL DBs are out of date as well.

Frankly, it should be updated or taken down, but I keep it up for nostalgia really.

I recently noticed it has been unresponsive for a while because my LetsEncrypt cert had expired and was not auto-renewing.

When I tried to run the certbot-auto command I used to use to renew, it wasn't working. It is no longer supported. I'm also hosting on an Ubuntu 12.02 release which also is no longer being supported.

Sure, I should move to a supported version of Ubuntu. Sure I should upgrade everything. Sure I should move to Docker. Well, I don't want to spend the time doing all that. I just wanted a new cert!

So here is what I did. I ran certbot auto locally with Docker to get a new cert. I had to use the DNS method for validating the domain.

1docker run -it --rm --name certbot \
2 --mount "type=bind,src=$(pwd)/certs,dst=/etc/letsencrypt" \
3 -v "/var/lib/letsencrypt:/var/lib/letsencrypt" \
4 certbot/certbot certonly --manual --preferred-challenges dns -d "example.com"

Once this completes I will have my certs stored in ./certs/live/example.com I then move them to the server and replace the old ones. I use the method below because I require sudo so I can't just use scp. I also need to restart nginx once they have been copied.

1for filename in ./certs/live/example.com/*; do
2 bname=$(basename -a $filename)
3 cat $filename | ssh user@example.com "sudo tee -a /etc/letsencrypt/live/example.com/$bname"
4done
5ssh user@example.com "sudo service nginx restart"

🧞‍♂️

Now I just have to remember to do this every three months or automate it.

Discuss on TwitterEdit post on GitHub

Share article
Dustin Davis

Dustin Davis is a software engineer, people manager, hacker, and entreprenuer. He loves to develop systems and automation. He lives with his wife and five kids in Utah.

Join the Newsletter



Dustin Davis