How to renew Let’s Encrypt SSL certificate? Can someone guide me?
My blog SSL certificate is expiring next week. I want to renew it, so I am eager to know how to update it using the terminal.
I thought they self renewed on Digital Ocean.
But wasn’t sure so looked it up. Turns out I was wrong - which is good to know.
The article I discovered gives simple instructions on how to renew the cert: https://www.digitalocean.com/community/tutorials/an-introduction-to-let-s-encrypt
I use the following command.
/root/.acme.sh/acme.sh --force --renew --home /etc/letsencrypt --domain example.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail mail@example.com
Replace example.com with your domain and mail@example.com with your email.
Thanks it worked
@ahmadajmi, do you know how to set up automatic renewal of the cert every 60 days as LetsEncrypt suggests people should do here? I am also using Ghost on a Digital Ocean droplet.
Probably by using a Cron Job, but I haven’t tried that, so I’m afraid I won’t be of much help.
Gives me -bash: /root/.acme.sh/acme.sh: No such file or directory
Also: which eMail address should that be? Any I have access to? The one I used when initially getting the Let’s Encrypt cert? The one I use with Digital Ocean? The one I use with Ghost?
Really? Ghost doesn’t have any command in the ghost-cli to update the Let’s Encrypt certificate easily and automatically? Bummer!
Run this in SSH: sudo certbot renew
That’s all. The issue is with DigitalOcean. ghost setup ssl will not work when you are on Digital Ocean and you will get an error.
PS.
- You have to log out from the ghost manager user and get root privileges.
- You should run it in the root folder.
Thanks, @thimiraonline – I wish it was that easy …
$ sudo certbot renew
[sudo] password for ghost:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-07-12 08:05:36,486:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1280/bin/certbot
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-12 08:05:36,979:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-12 08:05:36,982:DEBUG:certbot._internal.renewal:no renewal failures
You have to do it with the root user, not with the ghost manager. And please run it at the root dir. I forgot to mention that. It worked for me today; it saved my day.
root@ubuntu-xxxxxxxxxxx:/# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Are you with cloudflare or any other CDN?
Hi @ahmadajmi,
I get the following error with your command: sudo: /root/.acme.sh/acme.sh: command not found
The crontab -l command shows that the task exists, and /etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --list shows an entry for my domain and LetsEncrypt and that it should have renewed on July 4th. And it expires on August 3rd.
Running ghost setup ssl or ghost setup ssl-renew does not fix it either.
I’m not really sure as I’m not that experienced in this topic. I do however suggest – as per the error message – to check GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol and make sure it is already installed.
Always take a droplet backup first.
Okay, I installed the acme stuff and that seemed to have worked.
However, new problems occurred:
Back to square 1. Anyone any idea?
The problem shown in your screenshot is that acme.sh – the Let’s Encrypt client you’re using (and what I believe Ghost installs by default) – needs to be updated.
Let’s Encrypt dropped support for ‘version 1’ of their protocol (ACME) back in June (this year – 2021).
I’m not sure the best way to update acme.sh given that Ghost installed it originally.
Maybe it would be fine to just update it manually?
Actually, that seems to be fine; from a post back in January of last year about this (updating the acme.sh client):
Basically, just run:
$ /etc/letsencrypt/acme.sh --upgrade --home "/etc/letsencrypt"
Note that, after upgrading acme.sh, you might need to update some configuration files. See this issue from the acme.sh GitHub project:
After upgrading acme.sh, and updating my site’s .conf file, I was able to renew my site’s certificate with the regular command.
@kenny-evitt: can you please detail out the exact process step by step? Difficult to follow through multiple comments. Seems a lot of people have this issue - one consolidated comment will be a real help.
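An added example, not part of any post in this thread: the failure described above (a cron entry exists, yet the certificate passed its renewal date unrenewed) is easy to miss, so this script checks the certificate's expiry independently of the ACME client. It assumes 90-day certificates with renewal due once 30 days remain, GNU date and the openssl CLI; the function names and status strings are made up for this example.

```shell
#!/bin/sh
# Added example: flag a certificate whose automatic renewal was missed.
# Assumptions: renewal is due once 30 or fewer days remain on a 90-day
# certificate; GNU date and the openssl CLI are installed.

RENEW_WINDOW_DAYS=30

# Whole days between two epoch timestamps: days_left EXPIRY NOW
days_left() {
    echo $(( ($1 - $2) / 86400 ))
}

# Classify a certificate: renewal_status EXPIRY_EPOCH NOW_EPOCH
# Prints "expired", "renewal-due" or "ok".
renewal_status() {
    expiry=$1
    now=$2
    if [ "$now" -ge "$expiry" ]; then
        echo expired
    elif [ "$(days_left "$expiry" "$now")" -le "$RENEW_WINDOW_DAYS" ]; then
        echo renewal-due
    else
        echo ok
    fi
}

# Read notAfter from a PEM certificate file and print it as an epoch timestamp.
cert_expiry_epoch() {
    not_after=$(openssl x509 -in "$1" -noout -enddate) || return 1
    date -u -d "${not_after#notAfter=}" +%s
}

# Report on one certificate file; non-zero exit unless the status is "ok",
# so a cron wrapper or monitoring job can alert on it.
check_cert() {
    expiry=$(cert_expiry_epoch "$1") || { echo "cannot read $1" >&2; return 2; }
    status=$(renewal_status "$expiry" "$(date -u +%s)")
    echo "$1: $status"
    [ "$status" = ok ]
}

# Usage: sh check-cert.sh /path/to/certificate.pem
if [ "$#" -gt 0 ]; then
    check_cert "$1"
fi
```

Run it daily against the certificate file your web server actually serves; a "renewal-due" result means the ACME client's own scheduled renewal has not happened and its log needs a look.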