Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
## Once the certificate renew command is scheduled (or manually with sudo ./etc/letsencrypt/certbot-auto renew) a new certificate is generated
## To check if a new certificate was generated you can run :
[ec2-user@ip-MyIp ~]$ locate *certbot.pem
/etc/letsencrypt/csr/0000_csr-certbot.pem #old certificate
/etc/letsencrypt/csr/0001_csr-certbot.pem #new certificate
## You then need to change the ssl conf to specify the new certificate :
sudo vim /etc/httpd/conf.d/ssl.conf
## Search for SSLCertificateKeyFile(vim command : ?SSLCertificateKeyFile) and change the file for the new one :
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/letsencrypt/live/ ## the old file was /etc/letsencrypt/keys/0000_key-certbot.pem
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
SSLCertificateChainFile /etc/letsencrypt/live/
## Once this is updated, simply save and quit vim(vim command :wq) and restart the httpd service :
sudo service httpd restart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.