Letsencrypt certificates are only valid for 90 days so you have to continually renew them.
You can use the instructions on their website to setup the software on a Linux instance
The instructions below are for a subsequent renewal (the software was already installed)
# cd /etc/letsencrypt/ && ./certbot-auto certonly –manual -d ‘itayemi.com,*.itayemi.com’ –agree-tos -m aitayemi@gmail.com
Your system is not supported by certbot-auto anymore.
Certbot will no longer receive updates.
Please visit https://certbot.eff.org/ to check for other alternatives.
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator manual, Installer None
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
You have an existing certificate that contains a portion of the domains you
requested (ref: /etc/letsencrypt/renewal/itayemi.com-0001.conf)
It contains these names: *.itayemi.com
You requested these names for the new certificate: itayemi.com, *.itayemi.com.
Do you want to expand and replace this existing certificate with the new
certificate?
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
(E)xpand/(C)ancel: E
Renewing an existing certificate for itayemi.com and *.itayemi.com
Performing the following challenges:
dns-01 challenge for itayemi.com
http-01 challenge for itayemi.com
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Please deploy a DNS TXT record under the name
_acme-challenge.itayemi.com with the following value:
RNjsl2nWagSgH90ojgZ5w2gXMx1PkKLUWUFdcNmh4Qg
Before continuing, verify the record is deployed.
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Press Enter to Continue
(NOTE:!!! I used the zone editor in cPanel to create/update the record _acme-challenge wiht the provided value before pressing ENTER in the letsencrypt renewal session)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Create a file containing just this data:
B3wv64qZWKPwedBH54j-bk3QVlUehZX1yzR_E8aEJX0.CnVI-97hZx84xBV8tkKKHUbb60jhcwV3xDDSxq976iE
And make it available on your web server at this URL:
http://itayemi.com/.well-known/acme-challenge/B3wv64qZWKPwedBH54j-bk3QVlUehZX1yzR_E8aEJX0
(This must be set up in addition to the previous challenges; do not remove,
replace, or undo the previous challenge tasks yet.)
– – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – – –
Press Enter to Continue
(NOTE!!!: I created the file in /public_html/.well-known/acme-challenge/ with the specified name/content then pressed ENTER in letsencrypt renewal session)
Waiting for verification…
Cleaning up challenges
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/etc/letsencrypt/live/itayemi.com-0001/fullchain.pem
Your key file has been saved at:
/etc/letsencrypt/live/itayemi.com-0001/privkey.pem
Your cert will expire on 2021-05-02. To obtain a new or tweaked
version of this certificate in the future, simply run certbot-auto
again. To non-interactively renew all of your certificates, run
“certbot-auto renew” - If you like Certbot, please consider supporting our work by: Donating to ISRG / Let’s Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le
(The end of the cerbot-auto certificate renewal command)
I then installed a root crontab entry to renew the certificates every 90-days
# crontab -l
# autorenew certificates for *.itayemi.com which should generate new
# valid certificates every 3 months. Note that I still have to login
# to itayemi.com cpanel and update the CRT and Private fields of each
# defined certificate with the new certificate generated by certbot
#i.e., cert.pem and privatekey.pem
45 2,3 1 2,5,8,12 * cd /etc/letsencrypt/ && ./certbot-auto renew
- INSTALLING THE LETSENCRYPT Certificate in cPanel
- Login to hihostnow.com.ng (Client Area) -> Select “Services” -> “My Services” from the menu
- Click on the “Status” button to the right of the target service e.g., itayemi.com
- Expand the “Actions” menu (left-side of page) and click on “Login to cPanel”
- In itayemi.com cpanel, select “SSL/TLS” (under the “Security” section)
- Select “INSTALL AND MANAGE SSL FOR YOUR SITE (HTTPS) – Manage SSL sites”
- For each listed FQDNs/certificate row, select “Update Certificate”
- “Certificate: (CRT)” field is populated with /etc/letsencrypt/live/itayemi.com-0001/cert.pem
- “Private Key (KEY)” field is populated with /etc/letsencrypt/live/itayemi.com-0001/privkey.pem