View All Products
Compute
Storage
Networking
Databases
Services
Developer Tools
Industries
Pricing
Community
Engage With Us
Community Questions How do I renew SSL cert using cerbot for my subdomain VPS?
Log in to Ask a Question

How do I renew SSL cert using cerbot for my subdomain VPS?

Hi,

Here is the message I received from my developer (who built my SaaS application):

"we would like to inform you that we have discussed with our IT Team, and based on the discussion, for setting auto-renewal of SSL certificate for any site, it must be running on the main domain. Since simply investing is running on a subdomain hence we can't set auto-renewal for it."

Is he correct?

I am running my SaaS application on linode on my subdomain "platform.simplyinvesting.com"

I have read your documentation here: https://www.linode.com/docs/guides/secure-http-traffic-certbot/

I understand that "Let's Encrypt" SSL Certificate is only valid for 90 days, and must be renewed every 90 days.

"Let's Encrypt" SSL Certificate is installed on my linode VPS and it is working right now.

Here are my 3 questions:

  1. Can I use Certbot to automatically renew my SSL certificate on my subdomain every 90 days?

  2. If so, can you provide a link to the documentation showing how to setup automatic renewal for a subdomain using Cerbot?

  3. If automatic renewal is not possible on a subdomain, then can you recommend a paid SSL certificate I can use?

thanks,
Kanwal

2 Replies

Of course you can. Whether it’s example.com, www.example.com or platform.example.com doesn’t matter - it’s just one (or more) names included in the cert.

You can even issue a wildcard and protect *.example.com - although this requires support from your DNS host and Certbot.

Any of the instructions here should work just fine - just follow the relevant section depending on your web server:

https://certbot.eff.org/docs/using.html

Instead of “-d example.com -d www.example.com”, you would put “-d platform.simplyinvesting.com” to just protect your subdomain.

Personally I prefer acme.sh - it supports many more DNS providers (including Linode) for wildcards and is much simpler to set up.

https://www.linode.com/docs/guides/secure-website-lets-encrypt-acme-sh/

Note that acme.sh now used ZeroSSL by default, but you can revert back to LE with a simple command, documented here:

https://github.com/acmesh-official/acme.sh/wiki/Change-default-CA-to-ZeroSSL

What ^^ he said. Side note: Certbot will not grant Certificates to IP addresses though.

Reply

Please enter an answer
Tips:

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Log in to Reply
Community Code of Conduct