Renew a Certificate

Certificates issued by the Keyfactor ACME server are automatically renewed according to the standard ACME protocol. Once a certificate is generated, it is recorded in the Keyfactor ACME SQL database and Keyfactor Command to allow for tracking important details like renewal timelines and requirements. By default, the Keyfactor ACME server handles the renewal process automatically, ensuring that certificates are renewed before they expire.

However, you also have the option to manually renew certificates if preferred. Additionally, you can set up an automated job to periodically check for certificates nearing expiration and trigger renewals automatically. For users utilizing Certbot, you can issue the standard Certbot renewal commands to perform the renewal process for any ACME-issued certificates, ensuring they are kept up to date without manual intervention.

For example, to run a manual renewal for all certificates:

Copy

REQUESTS_CA_BUNDLE=/etc/ssl/certs/ca-certificates.crt certbot renew

Note: You can specify a certificate to renew by adding the parameter

A parameter or argument is a value that is passed into a function in an application. --cert-name <domain-identifer> to the command. If the certificates are not up for renewal, you can still force them to renew by passing in the argument

A parameter or argument is a value that is passed into a function in an application. --force-renewal. The default threshold for renewal in Certbot is 30 days prior to expiration.

Was this page helpful? Provide Feedback

Version v25.2.1

On this page: