SnapShooter Backups Server, Database, Application and Laravel Backups - Get fully protected with SnapShooter

Renew Let's Encrypt SSL

In this tutorial, we go through the process of renewing a Let's Encrypt SSL certificate. We demonstrate the complete process in detail.

Generating DNS challenge

We use the DNS challenge (dns-01) for verification. To create the challenge record, run the command below in the server's CLI:

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d '*.site.com' --manual --preferred-challenges dns-01 certonly

Replace *.site.com with your own domain. Keep the quotes so that the shell passes the wildcard to certbot unchanged.

You should see prompts similar to those shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for site.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Enter Y to get the generated record:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.xxxxxx.com with the following value:

QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Keep the CLI open and proceed to the next step.

Verify TXT record

Now go to your name server and create a TXT record named _acme-challenge.site.com, replacing site.com with your own domain name.

The value of the TXT record should be the one generated in the previous step (QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE in our case).

We need to wait for the DNS to propagate.

To ensure the propagation is completed, run the command below in your local CLI:

dig -t txt _acme-challenge.xxxx.com

It should show the generated challenge (QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE in our case) when propagation is done.
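As an added example (not part of the original tutorial), the script below automates this check by asking each authoritative nameserver for the TXT record directly, since a local resolver can answer from cache and hide a record that has not reached every nameserver yet. The function names are hypothetical, and the script assumes site.com is the zone apex so that its NS records can be looked up directly.

```shell
#!/bin/sh
# Added example: confirm the dns-01 TXT record before pressing Enter in certbot.

# token_shape_ok TOKEN
# A dns-01 value is the unpadded base64url encoding of a SHA-256 digest:
# exactly 43 characters from A-Z a-z 0-9 - _. Catches copy/paste damage
# such as stray quotes, spaces or a trailing "=".
token_shape_ok() {
    case $1 in
        *[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -eq 43 ]
}

# txt_has_token EXPECTED
# Reads `dig +short TXT` output on stdin (one double-quoted string per line)
# and succeeds if any record equals EXPECTED exactly.
txt_has_token() {
    expected=$1
    while IFS= read -r line; do
        value=${line#\"}      # strip the quotes dig adds
        value=${value%\"}
        [ "$value" = "$expected" ] && return 0
    done
    return 1
}

# check_propagation NAME TOKEN
# NAME is the full record name, e.g. _acme-challenge.site.com.
# Assumption: the part after "_acme-challenge." is the zone apex.
check_propagation() {
    name=$1 token=$2
    token_shape_ok "$token" || { echo "token looks malformed" >&2; return 2; }
    nslist=$(dig +short NS "${name#_acme-challenge.}")
    [ -n "$nslist" ] || { echo "no NS records found" >&2; return 2; }
    for ns in $nslist; do
        if ! dig +short TXT "$name" "@$ns" | txt_has_token "$token"; then
            echo "not yet visible on $ns" >&2
            return 1
        fi
    done
    echo "record present on all authoritative nameservers"
}
```

Run `check_propagation _acme-challenge.site.com <value>` and press Enter in the certbot prompt only once it reports the record on every nameserver.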

The end

Once propagation is done, go back to the server and press Enter. It should show a success message.

Hope you find this tutorial useful!