Renew SSL (HTTPS) stand-alone machine (Certbot and Nginx)

Create a new SSL certificate and replace the old one.


  1. Stop Nginx, remove previous private key and full chain files;
    • $ D:\apps\Nginx> tasklist /fi "imagename eq nginx.exe" // check current nginx instance
    • $ D:\apps\Nginx> taskkill /f /IM nginx.exe // kill all nginx progress
    • remove the files and folders named with the domain want to remove:
      • C:\Certbot\archive
      • C:\Certbot\live
      • C:\Certbot\renewal
  2. Create a new certificate by different domain with input;
    • $ C:\WINDOWS\system32> certbot certonly --standalone
    • enter the domain that want to be certified
  3. Copy the privkey.pem and fullchain.pem files to Nginx certificate file folder;
    • new private key and full chain are located at C:\Certbot\archive\
  4. Rename if possible, file matched with Nginx configuration;
    • copy these key and chain to Nginx certificate folder and rename them with domains
  5. Start Nginx;
    • $ D:\apps\Nginx> start nginx

Leave a Comment