Episode: 3295
Title: HPR3295: Renewing a Let's Encrypt cert for Home Network use
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3295/hpr3295.mp3
Transcribed: 2025-10-24 20:21:24
---

This is Hacker Public Radio episode 3295 for Friday the 19th of March 2021. Today's show is entitled Renewing a Let's Encrypt Cert for Home Network Use. It is hosted by Ken Fallon and is about three minutes long and currently in flag. The summary is how to update a cert when the automatic processes don't work.

This episode of HPR is brought to you by AnHonestHost.com. Get 15% discount on all shared hosting with the offer code HPR15. That's HPR15. Better web hosting that's honest and fair at AnHonestHost.com.

Hi everybody, my name is Ken Fallon, you're listening to another episode of Hacker Public Radio. Today it's a follow-up to my own show 3289 and that one was installing Nextcloud the hard way. In that episode I showed you how you could get a cert from Let's Encrypt if you're running it behind a firewall. One of the issues that we needed to do was verify that we owned the domain by putting up a TXT record within our DNS. And unfortunately the issue with that is that we don't get to automatically renew the certificate.

However, the renewal process is actually quite easy. In fact, it's absolutely identical to the create process. So you create certbot, space, certonly, space, dash-manual, space, dash-preferred-dash-challenges, space, dns. And that's intelligent enough to know that you have a cert already and it goes through the same thing. It tells you is your IP logged and then it asks you to deploy a DNS record, underscore acme-challenge.nextcloud.example.com, and then you get a key. And then if we can find you press enter and it says congratulations, your certificate has been renewed.

I had set up a Nextcloud reminder but in actual fact Let's Encrypt sent me an email to remind myself 30 days beforehand.
So the cert is for 90 days, the recommendation is two-thirds of the time. So this was trivial, trivial to do. It'll be even more trivial the next time because it did run into a smidgen of an issue. And that issue was that that key already existed in DNS. So when I, from the previous, from the original one. So when I went to do the process in the first place, Let's Encrypt returned an error saying that the key was the first key, not the new one that I received. So that's grand. I deleted that and of course I had to wait until the time to live expired for my DNS records, which luckily enough was only an hour. Then I came back and did it again and then realized that there are two DNS servers, one of which did fast enough. So I had to do this a few times.

But in the end it all worked out and so the process, the last part of the process was actually deleting that record because once it's, once it's been renewed, that certificate, the record doesn't need to be there. The challenge has already been accepted.

So the next time I go to do this, it will be just run the one command, nip out to my DNS, add in a new DNS entry, press enter, get a new certificate and then back out to the DNS entry and delete it again. So that's essentially quite simple.

Okay, thank you very much for tuning in and remember to tune in tomorrow for another exciting episode of Hacker Public Radio.

You've been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday Monday through Friday. Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contribute link to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club and is part of the binary revolution at binrev.com.
If you have comments on today's show, please email the host directly, leave a comment on the website or record a follow-up episode yourself. Unless otherwise stated, today's show is released under Creative Commons, Attribution-ShareAlike 3.0 license.
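
Added example, not part of the episode: a pre-flight check for the renewal step described in the transcript, where the old TXT value was still being served and the two DNS servers did not update at the same time. It assumes `dig` is installed; the function names and the zone, host and value arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the episode): check the DNS-01 TXT record on every
# authoritative name server before pressing Enter in certbot's manual prompt.
# Assumes `dig` is installed; zone, host and value arguments are placeholders.

# Name servers for the zone, one per line. Separate function so it can be stubbed.
list_nameservers() { dig +short NS "$1"; }

# TXT values one server returns for a name, one per line, quotes stripped.
query_txt() { dig +short TXT "$2" "@$1" | tr -d '"'; }

# check_challenge <zone> <host> <expected-value>
# Returns 0 when every name server serves the expected value, 1 when any
# server is missing it, 2 when no name servers could be listed.
check_challenge() {
  cc_name="_acme-challenge.$2"
  cc_servers=$(list_nameservers "$1")
  cc_rc=0
  if [ -z "$cc_servers" ]; then
    echo "no name servers found for $1" >&2
    return 2
  fi
  for cc_ns in $cc_servers; do
    cc_txt=$(query_txt "$cc_ns" "$cc_name")
    if printf '%s\n' "$cc_txt" | grep -qxF -- "$3"; then
      echo "OK     $cc_ns serves the new value"
    elif [ -n "$cc_txt" ]; then
      echo "STALE  $cc_ns still serves only an old value"
      cc_rc=1
    else
      echo "WAIT   $cc_ns has no TXT record at $cc_name yet"
      cc_rc=1
    fi
  done
  return "$cc_rc"
}

# Example: sh check.sh example.com nextcloud.example.com '<value certbot printed>'
if [ "$#" -eq 3 ]; then
  check_challenge "$@"
fi
```

Run it in a second terminal while certbot is waiting, and press Enter only once every server reports OK.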