Renew let’s encrypt SSL cert on Debian

A note for how I renew blahdns.com let’s encrypt SSL cert

// With acme.sh

/root/acme.sh --issue --standalone -d dot-jp.blahdns.com -d doh-jp.blahdns.com

rm /etc/haproxy/dot-jp.blahdns.pem

cd /root/.acme.sh

cat /root/.acme.sh/dot-jp.blahdns.com/fullchain.cer /root/.acme.sh/dot-jp.blahdns.com/dot-jp.blahdns.com.key > /etc/haproxy/dot-jp.blahdns.pem

service haproxy restart

// With certbot

// Renew
certbot certonly --cert-name dot-jp.blahdns.com --force-renewal

// Working method 1
certbot delete 

// After delete all cert
certbot certonly --rsa-key-size 4096 --standalone --agree-tos --no-eff-email --email [email protected] -d dot-de.blahdns.com -d doh-de.blahdns.com

// Merge SSL fullchain and privkey into 1 pem

cd /etc/letsencrypt/archive/dot-de.blahdns.com/
cat fullchain1.pem privkey1.pem > /etc/haproxy/dot-de.blahdns.pem

// restart HAProxy
service haproxy restart

Updated 20, Jan 2020

Photo by Jahsie Ault on Unsplash