Difference between revisions of "Certbot"
Jump to navigation
Jump to search
↑ https://certbot.eff.org/docs/intro.html
↑ https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains
| Line 12: | Line 12: | ||
* <code>certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com</code> | * <code>certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com</code> | ||
* <code>certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com</code> | * <code>certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com</code> | ||
| + | |||
| + | |||
<code>[[nginx.conf]]</code> | <code>[[nginx.conf]]</code> | ||
Revision as of 14:09, 30 December 2019
certbot[1] is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.
- Binaries:
certbotandletscrypt - Renewals configuration:
/etc/cron.d/certbot
Examples
To request a certificate:
- Stop your webserver:
systemctl nginx stop certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.comcertbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
certonly --standalone
certbot --nginx Saving debug log to /var/log/letsencrypt/letsencrypt.log The requested nginx plugin does not appear to be installed
certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - No certs found. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot renew Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - No renewals were attempted. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Changing a Certificdate's Domain[2]:
certbot certonly --cert-name example.com -d example.org,www.example.org - Automated renewals:
systemctl list-timers
Activities
See also
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL, WebSockets, WebRTC,ssl_certificateQUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1 - DNS: Linux DNS, IP,
systemd-resolve,/etc/hosts,whois, Domain registrar,dig,host,nslookup,scutil --dnsdnsmasq,bind,delv,.local,.internal, .onion, FQDN, TTL,/etc/resolv.conf,/etc/systemd/resolved.conf,dscacheutil(macOS),hostname, hostnamectl,bind,resolvectl status, DNS sinkhole, Domain name server, LLMNR, Resource records:MX, TXT, NS, CAA, SSHFP, Apex, CNAME, Wildcard DNS records, Subdomain, /etc/nsswitch.conf,1.1.1.1,8.8.8.8, CoreDNS, dnsPolicy:, Google Public DNS, DNS caches, Kubernetes ExternalDNS, DNS forwarding, IDNA2008, DNS-1035, Domain name registrars, Split-view DNS, Pi-hole, NextDNS
Advertising:
