• Renew Let's Encrypt SSL
  • Generating DNS challenge
  • Verfify TXT record
  • The end

#Renew Let's Encrypt SSL

In this tutorial, we are going through the process of renewing a Let's Encrypt SSL key. We demonstrate the complete process in detail.

#Generating DNS challenge

We are using the DNS challenge for the verification, to create the challenge record, run the command below in the server's CLI:

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.site.com --manual --preferred-challenges dns-01 certonly

Replace *.site.com with your own domain.

You shall see some similar prompts as shown below:

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
Cert is due for renewal, auto-renewing...
Renewing an existing certificate
Performing the following challenges:
dns-01 challenge for site.com

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: The IP of this machine will be publicly logged as having requested this
certificate. If you're running certbot in manual mode on a machine that is not
your server, please ensure you're okay with that.

Are you OK with your IP being logged?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y

Key in Y to get the generated record:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.xxxxxx.com with the following value:

QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE

Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue

Keep the CLI open and proceed to next step.

#Verfify TXT record

Now go to your name server and create a TXT record _acme-challenge.site.com, replace site.com with your own domain name.

The value for the TXT should be the one generated previous step. QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE in our case.

We need to wait for the DNS to propagate.

To ensure the propagation is completed, run the command below in your local CLI:

dig -t txt _acme-challenge.xxxx.com

It should show the generated challenge (QkBheXdMxkpImO53FfU2sSS1VQt6eI-hd0wAuQyHrcE in our case) when propagation is done.

#The end

Once propagation is done, go back to our server and press enter. It is supposed to show you a successful message.

Hope you find this tutorial useful!