Renewing name dot com SSL certificate

[Klen]

One of the reason why i use name dot com for domains as they provide free SSL which only need to be renewed once every year compared to let's encrypt. However, this have one bad side - once it need to be done , i always forget how it is done and where i stored instructions for it, so i will save it here as well to be faster next time when it's renewal time. If anyone also uses name dot com for SSL, you can use it too.

Step 1:
Generate new SSL key with following command:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

FQDN value must be in format www dot domain dot com

Step 2
Copy value from server.csr into SSL generator of name .
Once certificates are generated, concat Server Certificate and CA Certificates into pem file.
Then replace key file with newly generated key file. Restart nginx and that's it.

[baodb]

Sounds awfully complicated. You know you can easily automate lets encrypt right? Also there is buypass which does 6 months and uses the same system as lets encrypt.

[sandman!]

if your using a control panel like directadmin there is no work doing automated ssl i guess yearly is useful if your not using control panels.

[CurrentlySober]

my hosting (dreamhost) does mine for me and its only a cheap host i keep for some legacy stuff

[Klen]

Quote:

Originally Posted by baodb

Sounds awfully complicated. You know you can easily automate lets encrypt right? Also there is buypass which does 6 months and uses the same system as lets encrypt.

I know but in order to make it automated you need to run cron and you never know when cron can fail. And also, fact how you need to shutdown nginx first to make it work(tho think they fixed that in newer versions) was something what i dislike too. Plus this is commercial SSL which is better quality.

[TurboB]

I even had forgotten about it.
Since moved to Cloudflare.

[Tasty1]

Goes automatic in cpanel, that is why i use that.

[blackmonsters]

Quote:

Originally Posted by Klen

I know but in order to make it automated you need to run cron and you never know when cron can fail. And also, fact how you need to shutdown nginx first to make it work(tho think they fixed that in newer versions) was something what i dislike too. Plus this is commercial SSL which is better quality.

Nope, nope, no.

I run Plesk and free Let's encrypt, and it renews automatically.
It only failed once; on new domains using the register's DNS instead of mine.
Been running smooth since.

[Sly]

I will pile on.

If we were still messing with SSL certificate renewals manually, I would have no hair left.

[baodb]

Quote:

Originally Posted by Klen

I know but in order to make it automated you need to run cron and you never know when cron can fail. And also, fact how you need to shutdown nginx first to make it work(tho think they fixed that in newer versions) was something what i dislike too. Plus this is commercial SSL which is better quality.

Honestly I do not think that there is even a way for free domain level certs to have a difference in quality.

Anyway you do not need to shutdown NGINX with something like acme.sh, it can modify the nginx config and reload in place to renew. Alternatively you can use DNS auth which you can even do on a different machine than the production one, also fully automated if your domains are hosted somewhere with DNS API.

[bigalownz]

try this

https://github.com/acmesh-official/acme.sh

i installed this a few years ago never had any problems
it updates for all of my domains sites etc