How can I renew Let's Encrypt certificates?

This article discusses how to renew Let’s Encrypt SSL certificates that you have installed on your Droplet. It does not pertain to the Let’s Encrypt certificates that DigitalOcean manages for load balancers.

Let’s Encrypt uses the client Certbot to install, manage, and automatically renew the certificates they provide. In the case where your certificate does not automatically renew on your Droplet, you can manually trigger the renewal at anytime by running:

sudo certbot renew

If you have multiple certificates for different domains and you want to renew a specific certificate, use:

certbot certonly --force-renew -d example.com

The --force-renew flag tells Certbot to request a new certificate with the same domains as an existing certificate. The -d flag allows you renew certificates for multiple specific domains.

To verify that the certificate renewed, run:

sudo certbot renew --dry-run

If the command returns no errors, the renewal was successful.

You can typically install an SSL certificate by adding a few lines of configuration to the Droplet’s web server, or by using tools that automatically add the configuration for you.
Delete the Let’s Encrypt certificate associated with the domain in your account’s Settings section.
Upgrade your client to support TLSv1.2 or TLSv1.3 for secure MySQL connections.