
Hacker Public Radio

Your ideas, projects, opinions - podcasted.

New episodes Monday through Friday.

hpr3295 :: Renewing a Let's Encrypt cert for Home Network use

How to update a cert when the automatic processes don't work


Hosted by Ken Fallon on 2021-03-19 is flagged as Clean and is released under a CC-BY-SA license.
SSL, Let's Encrypt, Intranet.


Duration: 00:03:15


Back in hpr3289 :: NextCloud the hard way, I showed you how to install a Let's Encrypt SSL cert for use on your home network. One of the problems was the fact that the automatic renewal tools won't work.

Today I got a reminder email from Let's Encrypt and I used the exact same command to renew it as I did to create it in the first place. The tool is smart enough to know this is a renewal process.

One thing I forgot to do last time was to remove the TXT record from DNS after I was done. So I had to delete the record and wait a while for the Time To Live (TTL) to expire.

I set about making a checklist so the next time the process can be even faster.

  1. Run the command
    certbot certonly --manual --preferred-challenges dns
  2. Deploy a DNS TXT record under the name
  3. Finish the challenge.
  4. When successful, remove the DNS TXT record as it's not needed for another two months.
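
A helper for steps 2 and 4 of the checklist, added here as an example and not part of the original show notes: it classifies `dig +short TXT` output for the challenge name, so you can tell whether the new value is visible before finishing the challenge and whether the record is really gone afterwards. The function names, `example.com` and the sample values are assumptions made for illustration; the `_acme-challenge.` prefix is the standard DNS-01 record name.

```shell
#!/bin/sh
# Added example (not from the show notes). example.com and SAMPLE_* values
# are constructed placeholders.
SAMPLE_OLD='old-value-left-from-last-renewal'
SAMPLE_NEW='new-value-printed-by-certbot'

# challenge_name DOMAIN: name the DNS-01 TXT record is published under.
challenge_name() {
    base=${1#\*.}   # a wildcard name is validated at its base domain
    printf '_acme-challenge.%s\n' "$base"
}

# txt_state EXPECTED DIG_OUTPUT
#   EXPECTED    value certbot asked for; "" when checking cleanup (step 4)
#   DIG_OUTPUT  output of: dig +short TXT "$(challenge_name DOMAIN)"
# Prints: ready   (expected value is visible, safe to finish the challenge)
#         stale   (only other values are visible, e.g. a forgotten record)
#         missing (no TXT record at all; the goal after step 4)
txt_state() {
    expected=$1
    state=missing
    # dig +short prints one TXT value per line, wrapped in double quotes.
    while IFS= read -r line; do
        value=$(printf '%s' "$line" | tr -d '"')
        [ -n "$value" ] || continue
        if [ -n "$expected" ] && [ "$value" = "$expected" ]; then
            state=ready
            break
        fi
        state=stale
    done <<EOF
$2
EOF
    printf '%s\n' "$state"
}

if [ "$#" -eq 2 ]; then
    # Live check (needs dig and network): sh check.sh DOMAIN EXPECTED
    txt_state "$2" "$(dig +short TXT "$(challenge_name "$1")")"
else
    # Offline demo on constructed dig output.
    txt_state "$SAMPLE_NEW" "\"$SAMPLE_OLD\""    # stale
    txt_state "$SAMPLE_NEW" "\"$SAMPLE_NEW\""    # ready
    txt_state "" ""                              # missing
fi
```

A caching resolver can keep answering `stale` until the old record's TTL runs out, which is the wait described above.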

