Best Practices

Bitnami bncert-tool manual update to pull new certificates

Using free SSL certificates from LetsEncrypt is a great way to keep your site and your users secure. The only downside is that each certificate is only good for 90 days. Either you need to remember to renew your certificates every 90 days or you need to set up auto-renewal on your hosted server. If you’re using Bitnami packaged app for WordPress, then it’s easy! The bncert-tool will automatically check to see if your certificates are nearing expiration and automatically update them without needing anything from you.

… Until it does. This week I got notified by two different sites that their certificates were nearing the expiration date. That normally doesn’t happen because they’ll get renewed automatically well in advance. When I logged in to investigate, I saw that even manual attempts to renew the certificate were failing. The issue ended up being that I needed to upgrade my bncert-tool.

Bitnami bncert-tool References

Learn About The Bitnami HTTPS Configuration Tool is a great resource with everything you need to know about setting up bncert-tool. The command to upgrade is simple and takes only a few minutes to run and then you will be able to renew your SSL certificates.

sudo /opt/bitnami/bncert-tool

If your tool is out of date, this command will inform you of that fact and ask if you would like to upgrade. Just hit ‘Y’ and Enter and the update will happen in the background in a matter of seconds. Once it is complete, you can run the same command a second time. This time it will walk you through the process to update your certificates.

I upgrade mine and my clients’ servers once per year. This is to get the latest Bitnami stack as well as the upgraded security features for each new revision of PHP. So this should be a rarity that an update of the tool is required in between annual server migrations. But just in case you’ve run for a long time without checking, be on the lookout for expiration notices and take action!