Renew Let’s Encrypt Certificate with DNS Challenge and Namecheap
Time passed pretty quickly. The certificates generated in the previous post are going to expire in one week. In the previous post I used a different domain name, but the steps to renew are the same.
Therefore it is important to renew the certificate and key and replace the old ones before they expire. Let's use the certbot utility to renew.
Step 1: Renew command interactive mode
If you have the original certificate generated on the same machine, you can proceed with the certbot renew command. In this case, I would like to demonstrate renewing from any machine that has certbot installed, and I am going to do it interactively.
sudo certbot certonly --manual
certbot will prompt you for the domain name. Enter your domain name and it will check what type of challenge you used previously; in my case it is the DNS challenge (dns-01).
certbot will ask for your permission to log your IP address as part of its security procedure. Enter yes to proceed.
certbot will then generate the verification token used to confirm that you control the domain name. This is where we update the _acme-challenge TXT record in DNS with the new token. Hold here and leave certbot waiting before proceeding.
Step 2: Update DNS TXT record for _acme-challenge
This step is relatively easy, as we did something similar in the previous post. In the Namecheap console, go to DOMAIN, then Advanced DNS.
Add or modify the _acme-challenge TXT record with the token generated in the previous step, then click the tick to save the DNS entry.
Step 3: Verify DNS TXT record is updated
In the previous post we used nslookup -type=TXT to verify the DNS entry. I discovered a new command, dig, to achieve the same.
dig -t txt _acme-challenge.DOMAIN
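When an existing _acme-challenge record is modified, a resolver can still answer with the previous token from its cache, so it helps to ask each authoritative nameserver directly. The script below is an added example, not part of the original post; the function names and the DIG override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): check the new token on every
# authoritative nameserver before pressing Enter in certbot.
DIG="${DIG:-dig}"   # overridable so the logic can be exercised offline

# A dns-01 TXT value is a base64url-encoded SHA-256 digest: exactly
# 43 characters from [A-Za-z0-9_-]. Rejects pasted quotes or spaces.
is_acme_txt_value() {
  [ "${#1}" -eq 43 ] || return 1
  case "$1" in
    *[!A-Za-z0-9_-]*) return 1 ;;
  esac
  return 0
}

# dig +short prints each TXT record as a quoted string, one per line.
# Succeeds if any record equals the expected token exactly.
txt_has_token() {
  printf '%s\n' "$1" | tr -d '"' | grep -Fxq -- "$2"
}

# Ask each nameserver of ZONE directly for _acme-challenge.DOMAIN.
# Returns 0 only when all of them already serve TOKEN.
all_nameservers_ready() {
  acme_zone="$1"; acme_name="_acme-challenge.$2"; acme_token="$3"; acme_count=0
  is_acme_txt_value "$acme_token" || { echo "malformed token" >&2; return 2; }
  for acme_ns in $("$DIG" +short NS "$acme_zone"); do
    acme_count=$((acme_count + 1))
    acme_answers="$("$DIG" +short TXT "$acme_name" "@$acme_ns")"
    if ! txt_has_token "$acme_answers" "$acme_token"; then
      echo "old or missing value on $acme_ns" >&2
      return 1
    fi
  done
  [ "$acme_count" -gt 0 ] || { echo "no NS records for $acme_zone" >&2; return 3; }
}

# Usage: sh check-acme-txt.sh ZONE DOMAIN TOKEN
if [ "$#" -eq 3 ]; then
  all_nameservers_ready "$1" "$2" "$3" && echo "all nameservers serve the new token"
fi
```

ZONE is the registered domain whose NS records are looked up, and DOMAIN is the name the certificate is issued for; for a certificate on the bare domain the two are the same.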
Step 4: Complete the renew
Back in the certbot utility, press Enter to allow certbot to continue with the verification process.
Two certificates have now been generated, and you can copy them from the letsencrypt directory.
Step 5: Update the certificate in your application (optional)
I updated Red Hat OpenShift Container Platform (OCP) Route with the new certificate and now I can see the expiry date is updated to 90 days later.