June 14, 2026 · 4 min read
How to renew SSL on a VPS without memorizing certbot commands
TLS renewal is usually certbot renew plus a web server reload. You can run the steps via chat and approve each command—no need to memorize flags or paths.
Renewing SSL on a VPS is usually two steps: renew the certificate, then reload the web server. You do not need to memorize certbot flags—you need a safe way to run the right commands on your box.
Standard renewal (Ubuntu + Nginx)
sudo certbot renew --dry-run
sudo certbot renew
sudo nginx -t && sudo systemctl reload nginxCertbot often schedules auto-renewal. Check:
systemctl list-timers | grep certbotIf renewal fails
| Error hint | Fix |
|---|---|
| DNS problem | A/AAAA records must point to this server |
| Connection refused | Firewall or Nginx not listening on :80 for HTTP-01 |
| Rate limited | Use staging LE endpoint while testing |
| Expired already | certbot certonly with correct -d domains |
Logs: sudo less /var/log/letsencrypt/letsencrypt.log
Apache instead of Nginx
sudo certbot renew
sudo apache2ctl configtest && sudo systemctl reload apache2Without terminal expertise
Tell an AI DevOps Copilot: “My cert expires in 5 days on Nginx—walk me through renewal.”
Ohuriya AI is an AI DevOps Copilot for VPS owners. It proposes certbot and nginx -t commands—you approve each one before execution. Connect your server
Related: restart Nginx safely · 502 after cert change
Quick answers
How do I renew Let's Encrypt SSL on Ubuntu?
sudo certbot renew --dry-run first, then sudo certbot renew. Reload Nginx or Apache: sudo systemctl reload nginx. Certbot often installs a cron or systemd timer automatically.
What if certbot renew fails?
Check DNS points to the server, port 80 is open for HTTP-01, or DNS-01 credentials for wildcards. Read /var/log/letsencrypt/letsencrypt.log.
Can I renew SSL without knowing Linux commands?
Yes—use an AI DevOps Copilot. Describe 'renew my SSL cert' and approve each proposed command before it runs on your VPS.