SSL Certificate Renewal and Setup

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Development and maintenance of all types of websites:

Informational websites or web applications

Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators

E-commerce websites or web applications

Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers

Business process management web applications

CRM systems, ERP systems, corporate portals, production management systems, information parsers

Electronic service websites or web applications

Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services

Showing 1 of 1 servicesAll 2065 services

SSL Certificate Renewal and Setup

Simple

~2-3 hours

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

Development of a web application for FEEDME
1161
Development of an online store for the company FURNORO
1041
Development of a web application for Enviok
822
CRM development for Chasseurs
847
Website development for SBH Partners
999
Website development for Red Pear
451

Show more works

SSL Certificate Renewal and Setup

Expired SSL means immediate downtime: browsers show security errors and block access. Proper auto-renewal configuration eliminates this problem.

Let's Encrypt: Auto-Renewal

# Install Certbot
sudo apt install certbot python3-certbot-nginx

# Get certificate
sudo certbot --nginx -d mysite.com -d www.mysite.com

# Check auto-renewal (Certbot installs systemd timer)
sudo systemctl status certbot.timer

# Test renewal (without actually renewing)
sudo certbot renew --dry-run

# Force renewal
sudo certbot renew --force-renewal

Certbot automatically renews certificates 30 days before expiration.

Wildcard Let's Encrypt Certificate

# Wildcard requires DNS validation
sudo certbot certonly --manual --preferred-challenges=dns \
  -d mysite.com -d "*.mysite.com"

# Automation via DNS plugin (Cloudflare)
sudo apt install python3-certbot-dns-cloudflare
echo "dns_cloudflare_api_token = CF_TOKEN" > /etc/letsencrypt/cloudflare.ini
chmod 600 /etc/letsencrypt/cloudflare.ini

sudo certbot certonly \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  -d mysite.com -d "*.mysite.com" \
  --preferred-challenges dns-01

Paid Certificate: Manual Renewal

# 1. Create CSR
openssl req -new -newkey rsa:2048 -nodes \
  -keyout mysite.com.key \
  -out mysite.com.csr \
  -subj "/C=US/ST=State/L=City/O=My Company/CN=mysite.com"

# 2. Send CSR to CA (Sectigo, DigiCert, etc.)
# 3. Receive .crt + chain
# 4. Install in Nginx:
cat mysite.com.crt intermediate.crt > fullchain.crt

# nginx.conf
ssl_certificate     /etc/ssl/mysite.com/fullchain.crt;
ssl_certificate_key /etc/ssl/mysite.com/mysite.com.key;

Expiration Monitoring

# Manual check
echo | openssl s_client -servername mysite.com -connect mysite.com:443 2>/dev/null \
  | openssl x509 -noout -dates

# Script for multiple domains
for domain in mysite.com api.mysite.com admin.mysite.com; do
  expiry=$(echo | openssl s_client -servername "$domain" -connect "$domain:443" 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | cut -d= -f2)
  echo "$domain: $expiry"
done

HSTS and OCSP Stapling

# Enable HSTS only after verifying HTTPS works correctly
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

# OCSP Stapling (speeds up SSL handshake)
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/letsencrypt/live/mysite.com/chain.pem;
resolver 8.8.8.8 1.1.1.1 valid=300s;

Configuration Verification

SSL Labs: ssllabs.com/ssltest → should be A or A+
Mozilla Observatory: observatory.mozilla.org

Setting up Let's Encrypt with auto-renewal — 30–60 minutes.