Editing Certbot


Latest revision Your text
Line 1: Line 1:
<code>certbot</code><ref>https://certbot.eff.org/docs/intro.html</ref> is a fully-featured, extensible client for the [[Let’s Encrypt]] [[CA]] (or any other CA that speaks the [[ACME]] protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.
+
<code>certbot</code><ref>https://certbot.eff.org/docs/intro.html</ref> is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the [[ACME]] protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.
  
 +
* <code>apt install certbot</code>
  
== Installation ==
 
* Ubuntu: <code>[[apt install]] certbot</code>
 
* [[macOS]]: <code>[[brew install]] certbot</code>
 
  
You can additionally install [[Plugins (certbot)|certbot plugins]]:
+
[[Ubuntu]]:
* <code>python3-certbot-apache</code>
+
* Binaries: <code>certbot</code> and <code>letscrypt</code>
* <code>python3-certbot-dns-cloudflare</code>
+
* Renewals configuration: <code>/etc/cron.d/certbot</code>
* <code>[[python3-certbot-dns-digitalocean]]</code>
 
* <code>[[python3-certbot-dns-dnsimple]]</code>
 
* <code>python3-certbot-dns-google</code>
 
* <code>python3-certbot-dns-rfc2136</code>
 
* <code>python3-certbot-dns-route53</code>
 
* <code>[[python3-certbot-nginx]]</code>
 
 
 
== [[Ubuntu]] files ==
 
* Binaries: <code>certbot</code> and <code>[[letscrypt]]</code>
 
* Configuration files:
 
::<code>[[/etc/letsencrypt/]]</code>
 
::<code>[[/etc/letsencrypt/renewal/]]</code>
 
* Renewals configuration: <code>/etc/cron.d/certbot]]</code>
 
* Logs: <code>[[/var/log/letsencrypt/letsencrypt.log]]</code>
 
  
 
== Examples ==
 
== Examples ==
 +
To request a certificate:
 +
* Stop your webserver: <code>systemctl nginx stop</code>
 +
* <code>certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com</code>
 +
* <code>certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com</code>
  
* <code>[[certbot (command)|certbot]] -d YOUR_DOMAIN_NAME.com --manual --[[preferred-challenges]] [[dns]] [[certonly]]</code>
 
  
  
Create a wildcard certificate:
+
<code>[[nginx.conf]]</code>
[[certbot (command)|certbot]] -d *.YOUR_DOMAIN_NAME.com --manual --preferred-challenges dns certonly
+
:<code>[[ssl_certificate]]     /etc/letsencrypt/live/www.example.com/fullchain.pem;</code>
 +
:<code>ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;</code>
  
  
 
=== Request a certificate ===
 
* List certificates: <code>[[certbot certificates]]</code>
 
* <code>[[certbot renew]]</code>
 
* <code>[[certbot renew --force-renewal]]</code>
 
* <code>[[certbot delete]] --cert-name YOUR_CERT_NAME</code>
 
* Changing a Certificdate's Domain<ref>https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains</ref>: <code>certbot certonly --cert-name example.com -d example.org,www.example.org</code>
 
* Automated renewals: <code>[[systemctl list-timers]]</code>
 
  
  
* Stop your webserver:
 
: <code>[[systemctl]] stop nginx</code>
 
* <code>[[certbot certonly]] --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com</code>
 
 
Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA. You may need to use an [[authenticator plugin]] that can do challenges over DNS.
 
  
 +
<code>certonly --standalone</code>
  
* <code>certbot certonly --standalone --agree-tos --preferred-challenges [[dns]] -d *.YOUR_DOMAIN_NAME.com</code> (You will be asked for information)
+
<pre>
None of the preferred challenges are supported by the selected plugin
+
certbot --nginx
 +
Saving debug log to /var/log/letsencrypt/letsencrypt.log
 +
The requested nginx plugin does not appear to be installed
 +
</pre>
  
 +
<pre>
 +
certbot certificates
 +
Saving debug log to /var/log/letsencrypt/letsencrypt.log
  
 +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
No certs found.
 +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
</pre>
  
<code>[[nginx.conf]]</code>
+
<pre>
:<code>[[ssl_certificate]]    /etc/letsencrypt/live/www.example.com/fullchain.pem;</code>
+
certbot renew
:<code>ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;</code>
+
Saving debug log to /var/log/letsencrypt/letsencrypt.log
  
:<code>openssl x509 -text -noout -in cert.pem</code>
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
  
 +
No renewals were attempted.
 +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
</pre>
  
 +
<pre>
 +
certbot delete --cert-name YOUR_CERT_NAME
 +
Saving debug log to /var/log/letsencrypt/letsencrypt.log
  
<code>certbot certonly --standalone</code>
+
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
Deleted all files relating to certificate YOUR_CERT_NAME.
 +
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
 +
</pre>
  
 
[[certbot --nginx]]
 
Saving debug log to /var/log/letsencrypt/letsencrypt.log
 
The requested nginx plugin does not appear to be installed
 
  
 +
* Changing a Certificdate's Domain<ref>https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains</ref>: <code>certbot certonly --cert-name example.com -d example.org,www.example.org</code>
 +
* Automated renewals: <code>[[systemctl list-timers]]</code>
  
 
== Activities ==
 
== Activities ==
 
* Read <code>certbot</code> [[certbot changelog]]: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md
 
* Read <code>certbot</code> [[certbot changelog]]: https://github.com/certbot/certbot/blob/master/certbot/CHANGELOG.md
* <code>[[certbot renew]]</code>
 
* [[Certbot renew configuration examples]]
 
* [[acme.sh]]
 
  
 
== See also ==
 
== See also ==
* {{certbot cmd}}
+
* {{HTTPS}}
* {{certbot}}
 
 
* {{CA}}
 
* {{CA}}
 +
* {{DNS}}
  
 
[[Category:IT Security]]
 
[[Category:IT Security]]
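
Review bot: In the Examples section the `+` line `Stop your webserver: systemctl nginx stop` has the verb and unit name swapped; systemctl takes the command first, so it should read `systemctl stop nginx`, as the other revision's line does. The `+` bullet `certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com` is presented as a working request, yet the output quoted further down reports "None of the preferred challenges are supported by the selected plugin"; either drop that bullet or state that wildcard names need a DNS authenticator (the `--manual --preferred-challenges dns` form or one of the `python3-certbot-dns-*` plugins already listed). `letscrypt` in the Binaries line looks like a typo for `letsencrypt`, and `Certificdate's` and the stray `]]` after `/etc/cron.d/certbot` are worth fixing in the same edit.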
