Difference between revisions of "Certbot"

From wikieduonline
Jump to navigation Jump to search
(One intermediate revision by the same user not shown)
Line 1: Line 1:
 
<code>certbot</code><ref>https://certbot.eff.org/docs/intro.html</ref> is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the [[ACME]] protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.
 
<code>certbot</code><ref>https://certbot.eff.org/docs/intro.html</ref> is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the [[ACME]] protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.
  
 +
* <code>apt install certbot</code>
  
  
Line 61: Line 62:
  
 
* Changing a Certificdate's Domain<ref>https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains</ref>: <code>certbot certonly --cert-name example.com -d example.org,www.example.org</code>
 
* Changing a Certificdate's Domain<ref>https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains</ref>: <code>certbot certonly --cert-name example.com -d example.org,www.example.org</code>
* Automated renewals: <code>[[systemctl]] list-timers</code>
+
* Automated renewals: <code>[[systemctl list-timers]]</code>
  
 
== Activities ==
 
== Activities ==

Revision as of 15:14, 19 February 2020

certbot[1] is a fully-featured, extensible client for the Let’s Encrypt CA (or any other CA that speaks the ACME protocol defined in 2015-2016) that can automate the tasks of obtaining certificates and configuring webservers to use them. This client runs on Unix-based operating systems.

  • apt install certbot


Ubuntu:

  • Binaries: certbot and letscrypt
  • Renewals configuration: /etc/cron.d/certbot

Examples

To request a certificate:

  • Stop your webserver: systemctl nginx stop
  • certbot certonly --standalone --preferred-challenges http -d YOUR_DOMAIN_NAME.com
  • certbot certonly --standalone --agree-tos --preferred-challenges dns -d *.YOUR_DOMAIN_NAME.com


nginx.conf

ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;



certonly --standalone

certbot --nginx
Saving debug log to /var/log/letsencrypt/letsencrypt.log
The requested nginx plugin does not appear to be installed
certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
No certs found.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot renew
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

No renewals were attempted.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
certbot delete --cert-name YOUR_CERT_NAME
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate YOUR_CERT_NAME.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


  • Changing a Certificdate's Domain[2]: certbot certonly --cert-name example.com -d example.org,www.example.org
  • Automated renewals: systemctl list-timers

Activities

See also

  • https://certbot.eff.org/docs/intro.html
  • https://certbot.eff.org/docs/using.html#changing-a-certificate-s-domains
  • Advertising: