SSL Certificate
π SSL Certificate Renewal Guide(For WordPress Only)
For OpenLiteSpeed WordPress Server (Let's Encrypt)
This guide provides a step-by-step process to manually renew your Let's Encrypt SSL certificate and apply it on an OpenLiteSpeed-based WordPress server.
β Step-by-Step to Renew SSL on OpenLiteSpeed (Let's Encrypt)
πΉ Step 1: Force Renew the Certificate
Run the following command to forcefully renew your Let's Encrypt SSL certificate:
sudo certbot renew --force-renewal
π‘ This command forces renewal even if the certificate is not near its expiry. Useful for manual updates or troubleshooting.
πΉ Step 2: Restart OpenLiteSpeed to Apply the New Certificate
After renewal, restart the OpenLiteSpeed server to apply the new certificate:
sudo /usr/local/lsws/bin/lswsctrl restart
π This reloads the server with the updated certificate without needing a full reboot.
πΉ Step 3: Verify Renewal Was Successful
Check the certificateβs status and new expiry date using:
sudo certbot certificates
Look for your domain in the output and verify that the "Expiry Date" is extended (typically ~90 days from today).
π§ͺ Optional: Test Auto-Renewal
To ensure the automatic renewal system (cron/systemd) works properly:
sudo certbot renew --dry-run
β If this runs without errors, auto-renewal is correctly configured.
β οΈ Notes
Ensure your domain is correctly pointing to the server IP during renewal.
Let's Encrypt certificates expire every 90 days. This process helps avoid downtime.
You can schedule a cron job for regular renewal, but most installations do this automatically.
π File Paths & Info
Web root:
/var/www/htmlOpenLiteSpeed binary:
/usr/local/lsws/bin/lswsctrlCertbot configuration: Usually in
/etc/letsencrypt/
π SSL Renewal for Frappe/ERPNext Servers
π Step 1: Check SSL Certificate Start and Expiry Dates
To verify SSL certificate validity:
For a domain (public server):
echo | openssl s_client -servername yourdomain.com -connect yourdomain.com:443 2>/dev/null | openssl x509 -noout -dates
Example output:
notBefore=May 1 00:00:00 2025 GMT
notAfter=Jul 30 23:59:59 2025 GMT
If you are using a Frappe or ERPNext server set up with Let's Encrypt, you can renew your SSL certificate using the following command:
sudo bench renew-lets-encrypt
π This command is part of the Frappe Bench utility and will handle the renewal and reload the services automatically.
Ensure your domain is properly pointed to the server and ports 80/443 are open for validation.
π Certbot Installation & SSL Renewal Guide (Ubuntu 20.04+)
π§ Step 1: Install Certbot
If you're using Apache or no web server:
sudo apt update
sudo apt install certbot
If you're using NGINX:
sudo apt update
sudo apt install certbot python3-certbot-nginx
π Step 2: Confirm Certbot Installation
To verify if Certbot is installed correctly:
which certbot
Expected output:
/usr/bin/certbot
βοΈ Step 3: Configure Bench to Use Correct Certbot Path
If your Frappe or ERPNext setup still uses /opt/certbot-auto (deprecated), bypass it by running Certbot directly:
Manually renew SSL certificate:
sudo certbot renew --nginx