A while back, I set up the Secure Socket Layer (SSL) Certificate in Amazon Lightsail for this web site using the steps in this blog post. Now it is time to renew that certificate.
Update June 2019. You might want to consider using the Bitnami SSL configuration tool for automated updating of the SSL certificate.
How you know it is time to renew your SSL certificate
Well, each one from the authority lasts only 3 months. You will receive an email from the authorities informing you that your SSL certificate is expiring.
When you go to your web site, you can also see the expiry date on your certificate by clicking on the LOCK icon.
Steps to renew SSL Certificate in Amazon Lightsail
Because we previously used what is called the manual method of installing the SSL certificate, we have to use the following steps. Otherwise you will get the following error when you try to renew the certificate using the auto-renewal method.
So never mind.. my life is hard. I find trouble for myself. Sigh.
Here are the steps. In a nutshell, it is simply a repeat of the original setup steps from the Amazon tutorial you used to set up the SSL certificate. But okay, there are far fewer steps in the renewal process.
First, as a good practice, do a system update of the server using these two commands. You can even reboot the server if you feel you want to.
$ sudo apt update
$ sudo apt upgrade
After that, set the domain and wildcard again using these commands.
DOMAIN=patnotebook.com   # my domain, not yours!
WILDCARD=*.$DOMAIN
echo "$DOMAIN" && echo "$WILDCARD"
After that you can issue the famous command to install the certificate.
sudo certbot -d "$DOMAIN" -d "$WILDCARD" --manual --preferred-challenges dns certonly
You will see this screen, which shows clearly that you are renewing a certificate (even though the command is the same one as for your initial setup).
Now, the troublesome part. You can see that you have to do a DNS Challenge (to prove you are the owner of the domain again). You have to add another TXT record to your DNS.
ADD THE NEW TXT RECORD
DO NOT REMOVE THE OLD TXT RECORDS
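Certbot only validates after you press Enter at its prompt, and the challenge fails if the new TXT value is not yet visible in DNS. The following is an added example, not part of the original post or the Amazon tutorial: a small shell helper that polls `_acme-challenge.$DOMAIN` with `dig` until the value certbot printed shows up. It assumes `dig` is installed; the function names and the placeholder value are this example's own.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check that the TXT value certbot
# printed is visible in DNS before pressing Enter at the certbot prompt.

# txt_has_value EXPECTED
# Reads `dig +short TXT` output on stdin (one record per line, wrapped in
# double quotes) and succeeds only if some record equals EXPECTED exactly.
# Other records on the same name, such as old challenge values, are ignored.
txt_has_value() {
  local expected=$1 line
  while IFS= read -r line || [ -n "$line" ]; do
    line=${line#\"}   # strip the leading quote dig adds
    line=${line%\"}   # strip the trailing quote
    if [ "$line" = "$expected" ]; then
      return 0
    fi
  done
  return 1
}

# wait_for_txt DOMAIN EXPECTED [TRIES] [DELAY_SECONDS]
# Polls _acme-challenge.DOMAIN (the name the ACME DNS-01 challenge uses)
# until EXPECTED appears or TRIES attempts have been made.
wait_for_txt() {
  local name="_acme-challenge.$1" expected=$2 tries=${3:-20} delay=${4:-15}
  local i=1
  while [ "$i" -le "$tries" ]; do
    if dig +short TXT "$name" | txt_has_value "$expected"; then
      echo "attempt $i: $name has the expected value"
      return 0
    fi
    echo "attempt $i: $name does not have it yet" >&2
    i=$((i + 1))
    [ "$i" -le "$tries" ] && sleep "$delay"
  done
  return 1
}

# Usage, with the value copied from the certbot prompt (placeholder here):
#   wait_for_txt "$DOMAIN" "VALUE_FROM_CERTBOT_PROMPT"
```

Run it in a second terminal while certbot is waiting, and press Enter in certbot only after it reports the value.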
When successful, you can see this. I wonder when I can remove all the old TXT records. Every 3 months I have a new TXT record……. mmmm….
You can also run these 2 commands to stop and restart the Bitnami services on your server using the ctlscript.sh script.
sudo /opt/bitnami/ctlscript.sh stop
sudo /opt/bitnami/ctlscript.sh start
When all is done, you can go back and check the SSL certificate in your browser…. Tata !!! Renewing SSL Certificate in Amazon Lightsail is a success.
While the above is not really too troublesome, I might try this other method of setting up (or re-setting up) an SSL certificate for my other web sites. The link is Auto-Configure A Let’s Encrypt Certificate. Let’s see 🙂