SSL and Auto SSL information

Yeah, Yeah, there's still work to do here, I know

I will be adding stuff here and there so check back on the regular!

In Linux and Unix, there are multiple ways to issue and renew the Letsencrypt TLS/SSL certificates. However, in this tutorial, we are going to use the two most popular command-line tools that you can use:

We can always force cert renewal even if it is not near its expiration date.
certbot – Request a new certificate using

certbot renew --force-renewal

We can specify domains using the -d option. For example

certbot -d cyberciti.biz,www.cyberciti.biz,test.cyberciti.biz --force-renewal

acme.sh – Force to renew a cert immediately using the 

acme.sh -f -r -d www.cyberciti.biz

Certbot is the most popular tool for:

  • Automatically prove to the Let’s Encrypt CA that you control the website
  • Obtain a browser-trusted certificate and set it up on your web server
  • Keep track of when your certificate is going to expire, and renew it
  • Help you revoke the certificate if that ever becomes necessary
  • Renew the certificate forcefully if the need arises


The main aim for certbot command-line tool is to set up an HTTPS server and have it automatically obtain a browser-trusted certificate, without any human intervention. However, some times the renewal process fails for various reasons, and you need to issue the following manual command for forceful renewal:

certbot --force-renewal
certbot --force-renewal -d domain-name-1-here,domain-name-2-here
certbot --force-renewal -d www.nixcraft.com,nixcraft.com

See the certbot docs here for more info or use the following command

certbot --help
certbot --help all
## filter out renewal option using the grep command/egrep command ##
certbot --help all | grep -i force
certbot --help all | egrep -i 'renewal|force'

The syntax is as follows

acme.sh -f -r -d {your-domain-here}
acme.sh --force --renew --domain {your-domain-name-here}
acme.sh -f -r -d www.cyberciti.biz
acme.sh -f -r -d www.cyberciti.biz -d server1.cyberciti.biz

Where,

  • --renew OR -r : Renew a cert.
  • --domain OR -d : Specifies a domain, used to issue, renew or revoke etc.
  • --force OR -f : Used to force to install or force to renew a cert immediately.

Restart / reload your web server and service

Finally, restart the Nginx server or restart the Apache webserver for the changes to apply. In other words, you need to restart your web server so that clients can see renewed certificates

sudo service nginx reload
## or ##
sudo service httpd reload
## Systemd GNU/Linux ##
sudo systemctl reload nginx.service
sudo systemctl reload httpd.service
sudo systemctl reload apache2.service

Not Sponsored by 

YET.....

Its My Wiki, for you, for me and for them! Want to contribute?

Contact Me!