Renew Letsencrypt Certificate Without Changing Private Key [CSR]

In some cases you have to renew your certificate without changing your private key. and as we know letsencrypt generate new key for each certificate so if you want to keep the same key you have to follow this article:

To renew ssl certificate we have to keep our private key for the security setup.

So we will use letsencrypt CSR.

Our CSR Path is at:

/etc/letsencrypt/csr/0015_csr-certbot.pem

So we will use that command for renewal:

certbot certonly –reuse-key –csr /etc/letsencrypt/csr/0015_csr-certbot.pem -d api.justoneclick.net

It will ask you how would you like to authenticate with the ACME CA?

It will give you three options you will choose 1: Nginx Web Server plugin (nginx)

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
1: Nginx Web Server plugin (nginx)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1

After running this command it will generate 3 files.

1- Certificate: cert.pem

2- Intermediate CA chain: chain.pem

3- Full certificate chain: chain.pem:

Successfully received certificate.Certificate is saved at:            /root/0000_cert.pemIntermediate CA chain is saved at:  /root/0000_chain.pemFull certificate chain is saved at: /root/0001_chain.pemThis certificate expires on 2022-10-01.

We will copy those files into this path replacing those old files

/etc/letsencrypt/archive/api.justoneclick.net-0002/cert3.pem
/etc/letsencrypt/archive/api.justoneclick.net-0002/chain3.pem
/etc/letsencrypt/archive/api.justoneclick.net-0002/fullchain3.pem

Finally we will reload nginx configurations by using this command:

sudo service nginx reload

Warnings:

1- Don’t try ever and never  to edit or replace “privkey3.pem”.

2- Certificates created using –csr will not be renewed automatically by Certbot. You will need to renew the certificate before it expires, by running the same Certbot command again.