Renewing TLS certificates with certbot

< prev home next >
approximate reading time: 2 minutes
created by pur on 2022/09/22 - last changed on 2022/09/22


source /usr/local/src/certbot/bin/activate # activate venv
sudo certbot --apache renew # renew all certificates
deactivate # deactivate the venv

I'm referring to an installation of certbot with pip into an virtual environment (see previous post)

First steps

Firstly, activate the virtual environment and check the current status:

source /usr/local/src/certbot/bin/activate
certbot --help 
sudo certbot certificates

Delete old certificates

I found a certificates for our old domain "" which we didn't need any more, so I deleted them with:

sudo certbot delete --cert-name

Error resolving

I got an error when I wanted to renew the remaining certificate for the subdomains of The errors where twofold:

  1. the virtual host for was still activated
  2. the log folder was non-existent

So I deactivated the the site with

sudo a2dissite #disable site(s) interactively 

and corrected the log files in the available site (virtual host) configurations. The error complained about /etc/apache2/sites-enabled/<somefile>. The files in sites-enables folder are links to the files located in sites-available. To show this use one of the following commands:

ls -l /etc/apache2/sites-enabled/
readlink -f /etc/apache/site-enables/

The ErrorLog option could in principle be deleted from the sites specific configuration files as it is defined in the default config file.

Renewing the certificates

Finally, after resolving these errors I could renew the certificates for the subdomains with the command mentioned at the top of this page:

sudo certbot --apache renew
deactivate # deactivate the venv