Uly.me

cloud engineer

certbot

Adding Domains in Certbot

You can register multiple domains to a single SSL certificate. This is particularly useful if you are hosting multiple domains on one server. This command adds more domains to your existing certificate.

certbot --expand -d existing.com -d newdomain1.com -d newdomain2.com

Check if the domains were added.

certbot certificates

Certbot certificates are valid for 90 days, but they automatically renew themselves if expiration is less than 30 days. If you need to renew manually for some odd reason, you can run this command. You can also perform a dry-run before renewing.

certbot renew
certbot renew --dry-run

Certbot AWS Renewals

Here are the instructions for renewing Certbot SSL certificates in AWS Certificate Manager. Certbot provides SSL certificates for free for 60 days and are auto-renewed before they expire. If you are using Certbot SSL certificates with CloudFront, you will need to reimport them to AWS Certificate Manager before expiration.

  1. Get the latest SSL certificate by running “certbot certificates.”
  2. Reimport the certificate in 3 parts.
    • Certificate Body – the root or top portion of the full chain
    • Certificate Private key – the private key
    • Certificate chain – the entire full chain containing multiple certificates
  3. Click Save. Check expiration.

You’ll need to update the certificate before the next expiration date.

Certbot

Certbot is an easy-to-use automatic client that fetches and deploys SSL/TLS certificates for your webserver. Certbot was developed by EFF and others as a client for Let’s Encrypt and was previously known as “the official Let’s Encrypt client” or “the Let’s Encrypt Python client.” Certbot will also work with any other CAs that support the ACME protocol.

Just choose your webserver, e.g. Apache, Nginx or IIS, as well as your operating system. Here’s the instruction for Ubuntu 16.04 LTS.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache

To install the certificate

sudo certbot --apache

To renew certificate

$ sudo certbot renew