Difference between revisions of "Certbot"

From wikieduonline
Jump to navigation Jump to search
Line 81: Line 81:
 
* Read <code>certbot</code> [[certbot changelog]]: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md
 
* Read <code>certbot</code> [[certbot changelog]]: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md
 
* <code>[[certbot renew]]</code>
 
* <code>[[certbot renew]]</code>
 +
* [[Certbot renew configuration examples]]
  
 
== See also ==
 
== See also ==

Revision as of 06:18, 19 June 2020

certbot[1] is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.


Installation

You can additionally install certbot plugins:

python3-certbot-apache
python3-certbot-dns-cloudflare
python3-certbot-dns-digitalocean
python3-certbot-dns-dnsimple
python3-certbot-dns-google
python3-certbot-dns-rfc2136
python3-certbot-dns-route53
python3-certbot-nginx

Ubuntu files

  • Binaries: certbot and letscrypt
  • Configuration files: /etc/letsencrypt
/etc/letsencrypt/renewal/

Examples

certbot -d YOUR_DOMAIN_NAME.com --manual --preferred-challenges dns certonly
certbot -d *.YOUR_DOMAIN_NAME.com --manual --preferred-challenges dns certonly


Request a certificate

  • Stop your webserver:
systemctl stop nginx
  • certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an authenticator plugin that can do challenges over DNS.


  • certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com (You will be asked for information)
None of the preferred challenges are supported by the selected plugin


nginx.conf

ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
openssl x509 -text -noout -in cert.pem


certbot certonly --standalone

certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed


certbot delete --cert-name YOUR_CERT_NAME
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate YOUR_CERT_NAME.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


  • Changing a Certificdate's Domain[2]: certbot certonly --cert-name example.com -d example.org,www.example.org
  • Automated renewals: systemctl list-timers

Activities

See also

  • https://certbot.eff.org/docs/intro.html
  • https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains
  • Advertising: