Renewing ACME Certificates

  • Updated on Feb 5, 2025
  • Published on Dec 13, 2024
  • 2 minute(s) read

Renewing a certificate involves acquiring a new one to extend the validity of an existing certificate before it expires. This ensures that secure connections (such as HTTPS) remain uninterrupted, and the certificate continues to be trusted by browsers and systems.

Using Web UI:

To renew an ACME certificate:

  1. Navigate to Security :: Certificates.

  2. In the Certificate Table, locate the Signed Certificate (ACME) that you want to renew.

  3. Verify the certificate expiry date and click Renew Certificate. The page gets redirected to Certificates Table where you can check the new expiry date.

  4. Verify the new certificate expiry date.

Using CLI:

Run the following commands to renew an ACME certificate:

  1. Access /settings/certificates:

  2. Locate the Signed Certificate (ACME):

    [admin@ACME /]# cd /settings/certificates/
[admin@ACME certificates]# show
  name                 common name                  status  type                       issuer                                             issued on                 expires on                used by
  ===================  ===========================  ======  =========================  =================================================  ========================  ========================  ============
  nodegrid-default     e41a2c00752c                 Valid   Signed Certificate         ZPE Systems Inc e41a2c00752c                       Sep 13 00:37:45 2024 GMT  Dec 17 00:37:45 2026 GMT  Webserver
  acme-http01-v1-cert  acme-http01-v1.example.com   Valid   Signed Certificate (ACME)  (STAGING) Let's Encrypt (STAGING) False Fennel E6  Oct  4 13:10:12 2024 GMT  Jan  2 13:10:11 2025 GMT  -        
[admin@ACME certificates]# cd acme-http01-v1-cert

  3. Check the current Expiration Date.

    [admin@ACME acme-http01-v1-cert]# show
certificate name: acme-http01-v1-cert
status: Valid                                 
common name: acme-http01-v1.example.com.br
subject alternative names: acme-http01-v1.example.com.br
certificate issuer: (STAGING) Let's Encrypt (STAGING) False Fennel E6
expires on: Jan  2 13:10:11 2025 GMT                                   <<<<<< Expiration Date
key size: 256 bit
certificate:
-----BEGIN CERTIFICATE-----
MIIDtTCCAzygAwIBAgISKxytfvHqoeskmhnEm2f5MDz8MAoGCCqGSM49BAMDMFMx
...
use_ssl_certificate_trust_attributes = no

  4. Type renew_certificate.

    [admin@ACME acme-http01-v1-cert]# renew_certificate

  5. Verify the expiry date again.

     [admin@ACME acme-http01-v1-cert]# show
certificate name: acme-http01-v1-cert
status: Valid                                 
common name: acme-http01-v1.example.com.br
subject alternative names: acme-http01-v1.example.com.br
certificate issuer: (STAGING) Let's Encrypt (STAGING) False Fennel E6
expires on: Jan  2 13:15:22 2025 GMT                                   <<<<<< Expiration Date
key size: 256 bit
certificate:
-----BEGIN CERTIFICATE-----
MIIDtTCCAzygAwIBAgISKxytfvHqoeskmhnEm2f5MDz8MAoGCCqGSM49BAMDMFMx
...
use_ssl_certificate_trust_attributes = no

ACME certificates can also be automatically renewed using the same credentials that were used to create the CA server. For the Let's Encrypt CA server, the default threshold for auto-renewal is when the certificate has 30 days remaining before expiration. In other words, if an ACME certificate has 29 days left before it expires, the auto-renew feature will automatically renew it. Other certificate authorities (CAs) may have different timeframes for their certificate renewal process. You can edit the renewal interval by navigating to System :: Scheduler. For more information, refer to the section Manage Scheduled Tasks.