How to Renew Let's Encrypt Certbot SSL Certificates on reCIPHER-BIS™

By reCIPHER™ Webmaster on February 8, 2026
Intermediate

SOURCE: https://www.tecmint.com/linux-server-health-monitoring-script/


Follow these steps below to Renew Let's Encrypt SSL certificates for reCIPHER-BIS Ubuntu Server instances:



First, MobaXTerm to access the Server over SSH, then perform the following:


  1. Prepare the DOMAIN DNS RECORDS within CLOUDFLARE [or the DNS registrar]
  2. Confirm the DNS Domains Served by that server by executing the following:
sudo certbot renew --dry-run -v

  1. You should now see results including the specific Domain Names like below:

sup3r@rg-bis2022:~$ sudo certbot renew -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/demo.recipher.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certificate is due for renewal, auto-renewing...

Plugins selected: Authenticator nginx, Installer nginx

Renewing an existing certificate for bis.recipher.com and 3 more

Performing the following challenges:

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.reciphergroup.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='demo.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='erp.recipher.com')

Waiting for verification...

Cleaning up challenges

Reloading nginx server after certificate renewal

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded:

 /etc/letsencrypt/live/demo.recipher.com/fullchain.pem (success)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

sup3r@rg-bis2022:~$ sudo certbot renew --dry-run -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/demo.recipher.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certificate not due for renewal, but simulating renewal for dry run

Plugins selected: Authenticator nginx, Installer nginx

Simulating renewal of an existing certificate for bis.recipher.com and 3 more

Performing the following challenges:

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.reciphergroup.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='demo.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='erp.recipher.com')

Waiting for verification...

Cleaning up challenges


  1. Now it is CRITICAL to CONFIGURE DNS A RECORDS FOR EACH DOMAIN YOU WANT TO PROTECT WITH HTTPS to point to your PUBLIC IP ADDRESS OF THE SERVER. For example, if the WAN [Public] IP ADDRESS is 123.123.123.123, create an A RECORD for bis.recipher.com POINTING TO 123.123.123.123


  1. Now we need to create a PORT FORWARD for PORT 80 INCOMING to POINT TO THE BIS SERVER PRIVATE IP ADDRESS [run 'ip a' to determine your Local IP]


  1. Prior to running the CERTBOT commands, try to PING EACH OF YOUR DOMAIN NAMES and ensure you receive a response from your WAN IP ADDRESS


NOTE: If you are using Cloudflare for DNS management, ensure you select 'DNS ONLY' and DISABLE PROXYING for this purpose. NOTE: WE WILL DISABLE THE PORT FORWARD AS SOON AS THE CERTIFICATION PROCESS IS COMPLETED & TESTED.


  1. Open a Terminal and execute the following:
sudo certbot renew -v  


  1. If the Certbot process was successful, you should see the following:


sup3r@rg-bis2022:~$ sudo certbot renew -v

Saving debug log to /var/log/letsencrypt/letsencrypt.log


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Processing /etc/letsencrypt/renewal/demo.recipher.com.conf

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Certificate is due for renewal, auto-renewing...

Plugins selected: Authenticator nginx, Installer nginx

Renewing an existing certificate for bis.recipher.com and 3 more

Performing the following challenges:

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='bis.reciphergroup.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='demo.recipher.com')

http-01 challenge for Identifier(typ=IdentifierType(dns), value='erp.recipher.com')

Waiting for verification...

Cleaning up challenges

Reloading nginx server after certificate renewal


- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Congratulations, all renewals succeeded:

 /etc/letsencrypt/live/demo.recipher.com/fullchain.pem (success)

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -



More articles on OS-Linux

More articles on OS-Linux
Comments

No comments yet.

Add a comment
Ctrl+Enter to add comment