How to renew lets encrypt ssl after 3 months in digital ocean

how to renew let’s encrypt SSL certificate can some one guide me
my blog SSL certificate is expiring next week I want to renew it so I am eager to know how to update it using terminal

1 Like

I thought they self renewed on Digital Ocean.

But wasn’t sure so looked it up. Turns out I was wrong - which is good to know.

The article I discovered gives simple instructions on how to renew the cert: https://www.digitalocean.com/community/tutorials/an-introduction-to-let-s-encrypt

1 Like

I use the following command.

/root/.acme.sh/acme.sh --force --renew --home /etc/letsencrypt --domain example.com --webroot /var/www/ghost/system/nginx-root --reloadcmd "nginx -s reload" --accountemail mail@example.com

Replace example.com with your domain and mail@example.com with your email.

2 Likes

Thanks it worked

@ahmadajmi, do you know how to set up automatical renewal of the cert every 60 days as LetsEncrypt suggests people should do here? I am also using Ghost on a Digital Ocean droplet.

1 Like

Probably by using a Cron Job, but I haven’t tried that, so I’m afraid I won’t be of much help.

Gives me -bash: /root/.acme.sh/acme.sh: No such file or directory :man_shrugging:
Also: which eMail address should that be? Any I have access to? The one I used when initially getting the let‘s encrypt cert? The one I use with Digital Ocean? The one I use with Ghost?
:flushed:

Really? Ghost doesn‘t have any command in the ghost-cli to update the let‘s encrypt certificate easily and autoatically? Bummer! :disappointed:

Run this in SSH sudo certbot renew that’s all. The issue is with DigitalOcean. ghost setup ssl will not work when you are on Digital Ocean and you will get an error.

Ps.

  • You have to logout from ghost manager user and get root privilege’s
  • You should run t in root folder.
1 Like

Thanks, @thimiraonline – I wish it was that easy …

$ sudo certbot renew
[sudo] password for ghost:
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
$ sudo cat /var/log/letsencrypt/letsencrypt.log
2021-07-12 08:05:36,486:DEBUG:urllib3.connectionpool:http://localhost:None "GET /v2/connections?snap=certbot&interface=content HTTP/1.1" 200 97
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:certbot version: 1.17.0
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Location of certbot entry point: /snap/certbot/1280/bin/certbot
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Arguments: ['--preconfigured-renewal']
2021-07-12 08:05:36,961:DEBUG:certbot._internal.main:Discovered plugins: PluginsRegistry(PluginEntryPoint#apache,PluginEntryPoint#manual,PluginEntryPoint#nginx,PluginEntryPoint#null,PluginEntryPoint#standalone,PluginEntryPoint#webroot)
2021-07-12 08:05:36,979:DEBUG:certbot._internal.log:Root logging level set at 30
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user:
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user: No renewals were attempted.
2021-07-12 08:05:36,981:DEBUG:certbot.display.util:Notifying user: - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
2021-07-12 08:05:36,982:DEBUG:certbot._internal.renewal:no renewal failures

:man_shrugging:

You have to do it with the root user, not with the ghost manager. and please run it at root dir. I forgot to mention that. It worked for me today it saved my day.

root@ubuntu-xxxxxxxxxxx:/# sudo certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

:man_shrugging:

Are you with cloudflare or any other CDN?

Hi @ahmadajmi

I get the following error with your command: sudo: /root/.acme.sh/acme.sh: command not found
The crontab -l command shows that the tasks exists and the /etc/letsencrypt/acme.sh --home "/etc/letsencrypt" --list shows an entry for my domain and LetsEncrypt and that it should have renewed on July 4th. And it expires on august 3rd.
Running ghost setup ssl or ghost setup ssl-renew does not fix it either.

I’m not really ssure as I’m not that experienced in this topic. I do however suggest – as per the error message – to check GitHub - acmesh-official/acme.sh: A pure Unix shell script implementing ACME client protocol and make sure it is already installed.

Always take a droplet backup first.

1 Like