Renew SSL Certificate

Introduction

An expired SSL certificate of the server affects the management of enrolled devices. Therefore, it is important to update the SSL certificate regularly to ensure smooth operation and control over the devices.

The certificate must be renewed. The procedure differs depending on the operating system and installation.

Docker

For a Docker installation, do the following:

  1. check the docker-compose.yml to see where the certificate or key is stored. Usually these files are named server.pem and server.key. They are usually located in the same directory
  2. look for the following section in the docker-compose.yml
nginx:
  volumes:
    - "./server.pem:/etc/nginx/server.pem"
    - "./server.key:/etc/nginx/server.key"
  1. in this example, the files are in the same directory as docker-compose.yml
  2. replace the server.pem file with the new certificate. Alternatively, you can open the file and replace the contents
  3. restart the Docker container. To do this, use the commands docker compose down to stop the container first and then docker compose up -d to start it again

Native installation Windows with nginx

For a Windows installation, do the following:

  1. if the server.pem file is not in the %ProgramFiles%\nginx\conf\ directory, check the nginx.conf file to see where the certificate was placed. You can usually find this file in %ProgramFiles%\nginx\conf\nginx.conf
  2. within this file, look for this section:
nginx.conf
ssl_certificate server.pem;

Replace the server.pem file with that of the new certificate, or open the file in an editor (run as administrator) and replace the contents with those of the new certificate. Restart the nginx service afterwards.

Native installation CentOS Linux with nginx

For a native Linux installation, proceed as follows

  1. check if there is the expired certificate at /etc/pki/tls/certs/server.pem
  2. if it does, make a copy, open the file, remove the contents, and copy the contents of the new certificate into the server.pem file
  3. alternatively, rename the existing file and place the new certificate under the name server.pem in that path
sudo mv server.pem /etc/pki/tls/certs
sudo chown root:root /etc/pki/tls/certs/server.pem
sudo chmod 644 /etc/pki/tls/certs/server.pem
  1. after that the service nginx has to be restarted. To do this, type systemctl stop nginx followed by systemctl start nginx

Certbot

It may happen that Certbot has not requested a new certificate for various reasons. You can do this manually. To do this, type certbot --renew in the console to request a new certificate.