
Let's Encrypt: How to manually test the certbot renewal process?

I have a working setup where Let's Encrypt certificates are generated with certbot. I wonder how you effectively test whether the renewal will work in production.

The certificates last for 90 days. Is there a way to reduce the lifespan to, for instance, 10 minutes, to see if the renewal works? (Using the staging system for that is fine.)

If you have an alternative approach for making sure that your renewal code works (without having to wait for 90 days), it would also be appreciated.

Philipp Claßen asked May 18 '17 12:05




2 Answers

You use the --dry-run option. E.g.:

$ sudo certbot renew --dry-run

From certbot -h:

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

...

--dry-run Test "renew" or "certonly" without saving any certificates to disk

This ensures that the certbot can validate your domain with your current configuration.

If you really want to save the certificates to disk and see if your system is using the new cert, then you can also use the --force-renewal option. In that case, you should visit your website and check that the active certificate is the new one. If it isn't, you likely need to adjust your cronjob to restart your web server. E.g.:

certbot renew && service apache24 restart
Greg Schmit answered Sep 18 '22 01:09
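
The check described in the answer above (after `--force-renewal`, confirm that the web server is serving the renewed certificate), as an added example that is not part of the original answers. It assumes certbot's default `/etc/letsencrypt/live/<domain>/cert.pem` path, HTTPS on port 443 and an installed `openssl`; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: compare the certificate certbot wrote to disk with the one
# the web server actually serves. Paths and names below are assumptions.

# Reduce `openssl x509 -fingerprint` output ("SHA256 Fingerprint=AA:BB:...")
# to bare lowercase hex, so output from different openssl versions compares equal.
normalize_fp() {
    printf '%s\n' "$1" | sed -e 's/^.*=//' | tr -d ':' | tr 'A-F' 'a-f'
}

# SHA-256 fingerprint of a PEM certificate file (empty string on failure).
disk_fp() {
    normalize_fp "$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null)"
}

# SHA-256 fingerprint of the leaf certificate served by host $1 on port $2.
served_fp() {
    normalize_fp "$(openssl s_client -connect "$1:$2" -servername "$1" \
        </dev/null 2>/dev/null | openssl x509 -noout -fingerprint -sha256 2>/dev/null)"
}

# Print a verdict: returns 0 on match, 1 if stale, 2 if a fingerprint is missing.
verdict() {
    if [ -z "$1" ] || [ -z "$2" ]; then
        echo "ERROR: could not read one of the certificates"; return 2
    elif [ "$1" = "$2" ]; then
        echo "OK: server is serving the certificate on disk"; return 0
    else
        echo "STALE: server still serves an old certificate; restart or reload it"
        return 1
    fi
}

# Usage: check_renewed_cert <domain> [port]
check_renewed_cert() {
    domain=$1; port=${2:-443}
    verdict "$(disk_fp "/etc/letsencrypt/live/$domain/cert.pem")" \
            "$(served_fp "$domain" "$port")"
}

# Run only when a domain is given, e.g.: sudo sh check-cert.sh example.com
if [ "$#" -ge 1 ]; then check_renewed_cert "$@"; fi
```

A non-zero exit status after a forced renewal points at the missing web server restart in the renewal cron job.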


You can use "certbot renew --force-renewal"

https://certbot.eff.org/docs/using.html#configuration-file

--force-renewal, --renew-by-default

If a certificate already exists for the requested domains, renew it now, regardless of whether it is near expiry. (Often --keep-until-expiring is more appropriate). Also implies --expand. (default: False)

Djaevel answered Sep 18 '22 01:09