Certbot

From wikieduonline
Jump to navigation Jump to search

certbot[1] is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.

  • apt install certbot


Ubuntu:

  • Binaries: certbot and letscrypt
  • Renewals configuration: /etc/cron.d/certbot

Examples

To request a certificate:

  • Stop your webserver: systemctl nginx stop
  • certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com
  • certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com (You will be asked for information)


nginx.conf

ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;



certonly --standalone

certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot renew --force-renewal
certbot delete --cert-name YOUR_CERT_NAME
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate YOUR_CERT_NAME.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


  • Changing a Certificdate's Domain[2]: certbot certonly --cert-name example.com -d example.org,www.example.org
  • Automated renewals: systemctl list-timers

Activities

See also

Advertising: