フリーのLets's encrypt証明書を再発行してもらい、古くなった証明書を更新します
９０日間の期間限定なので定期的に更新必要です（普通はcronで定期的に自動更新設定しているはず）

今回は下記ドメインのみを更新します
hoge.net

指定するドキュメントルートは
/var/www/grav

コマンド

~$ sudo certbot certonly -w /var/www/grav -d hoge.net

Saving debug log to /var/log/letsencrypt/letsencrypt.log
How would you like to authenticate with the ACME CA?

1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)

Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 3　　＜ー私の場合は３
Renewing an existing certificate for hoge.net

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/hoge.net/fullchain.pem
Key is saved at: /etc/letsencrypt/live/hoge.net/privkey.pem
This certificate expires on 2026-01-24.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.

If you like Certbot, please consider supporting our work by:

• Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
• Donating to EFF: https://eff.org/donate-le

念の為、apache2再起動

~$ sudo systemctl restart apache2
~$ ls -l /var/www/grav