How do I renew an SSL certificate?


#1

Hello,

I am using Cloudflare and SSL from Letsencrypt for my site https://forumweb.hosting/ and SSL certificate is going to be expired soon, I had a question here https://community.letsencrypt.org/t/how-to-manually-renew-letsencrypt-ssl-certificate/35804 but they are saying that my SSL is being handled by Cloudflare, it should be solved from Cloudflare.

So, how can I renew SSL certificate for my site? what is the best way to do this?

I am sure more people are using Cloudflare and SSL from Letsencrypt, I look forward to having a best solution for this, like to know both ways manually or automatically renew SSL.

Thanks


#2

As far as I can see your certificate (on Cloudflare) have already been renewed. Cloudflare handles certificate renewal automatically.


#3

How did you create your Let’s Encrypt certificate in the first place? That should be part of your solution.

On my Ubuntu Apache server(s), I use Certbot: https://certbot.eff.org/

And have a crontab entry that runs daily to update any almost-expired certs:

15 3 * * * /usr/bin/certbot renew --quiet


#4

Your Cloudflare Universal SSL certificates will automatically renew as long as you are using our Name Servers authoritatively for your domain, or your WWW subdomain is orange-clouded. These methods allow us to automatically verify the Universal SSL certificate renewal for your domain.

If it is your letsencrypt certificate that is expiring, you’d need to renew this as @sdayman explained.


#5

I know Cloudflare will be automatically renewed but the problem is I used Letsencrypt from my hosting control panel and how when my Letsencrypt ssl is expire.

I created it from my hosting control panel. Do some configurations and I could enable Let’s Encrypt for my site.
I don’t think I need to recreate a new Let’s Encrypt ssl to renew or that will not work.

Do i need to install Certbot and this will renew my SSL certifications?

Thanks you guys!


#6

OK - so renew LetsEncrypt certs behind Cloudflare you’ll need to use DNS or “Webroot” based verification. There’s some information on this here:

I also note that certbot has added Cloudflare support which means it will automatically complete DNS verification for your LetsEncrypt cert renewal via the Cloudflare API. I couldn’t find full documentation on this, but you can see the commit in the latest version here:

So I would consider installing the latest version of certbot and trying it with the --dns-cloudflare option.