When you followed along with my series of blog posts on the Best and Cheapest Oracle APEX hosting: Free Oracle Cloud you most likely will have gotten an email from Let's Encrypt that your certificate is due for renewal.
![]()
To check your certificate, go to your site in a browser and click on the lock:
![]()
Yep, corresponds to the email, in 10 days my certificate will expire.
Let's get this fixed! So connect with ssh to your Compute instance (see the previous post in the series if you forgot those commands).
When I connect to my machines I typically first run yum update to get the latest packages installed so we are current with security patches, or just, in general, keep up with the latest software.
sudo su (to become root)
yum update
![]()
Time to renew our certificate. It's very easy to do, run
certbot certonly
![]()
Ha! Apparently not so simple after all?! We got an error. This might happen when packages are incompatible. Normally yum should take care of that, but as we installed Certbot with Pip, let's upgrade all those components too.
pip install -U pip
As the above error indicates an issue with cryptography, I will update that too.
pip install cryptography --upgrade
![]()
Now, let's try to renew our certificate again:
certbot certonly
and type your domain name(s):
![]()
Cool, that worked... your certificate is now updated.
To get the new certificate active we restart the webserver (after testing if all is ok):
nginx -t
nginx -s reload
![]()
Finally, we check the certificate in a browser to see if the new one is there:
![]()
All done, time to relax again for a couple of months.
Update: Morten made the remark why not to automate the renewal:
![]()
It's a great comment! When you look at the Certbot instructions, it actually gives you the steps to auto-renew, so you might have already done that. I actually have this running on some of our servers, but I didn't include this step in my initial blog post when we configured the webserver.
So, in case you didn't set up the automatic renewal, or the automatic renewal failed, you have the steps above to fix it.
To check your certificate, go to your site in a browser and click on the lock:
Yep, corresponds to the email, in 10 days my certificate will expire.
Let's get this fixed! So connect with ssh to your Compute instance (see the previous post in the series if you forgot those commands).
When I connect to my machines I typically first run yum update to get the latest packages installed so we are current with security patches, or just, in general, keep up with the latest software.
sudo su (to become root)
yum update
Time to renew our certificate. It's very easy to do, run
certbot certonly
Ha! Apparently not so simple after all?! We got an error. This might happen when packages are incompatible. Normally yum should take care of that, but as we installed Certbot with Pip, let's upgrade all those components too.
pip install -U pip
As the above error indicates an issue with cryptography, I will update that too.
pip install cryptography --upgrade
Now, let's try to renew our certificate again:
certbot certonly
and type your domain name(s):
Cool, that worked... your certificate is now updated.
To get the new certificate active we restart the webserver (after testing if all is ok):
nginx -t
nginx -s reload
Finally, we check the certificate in a browser to see if the new one is there:
All done, time to relax again for a couple of months.
Update: Morten made the remark why not to automate the renewal:
It's a great comment! When you look at the Certbot instructions, it actually gives you the steps to auto-renew, so you might have already done that. I actually have this running on some of our servers, but I didn't include this step in my initial blog post when we configured the webserver.
So, in case you didn't set up the automatic renewal, or the automatic renewal failed, you have the steps above to fix it.