Certbot: Difference between revisions
typo |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 1: | Line 1: | ||
The Certbot is used the issue LetsEncrypt SSL-Certificates | The Certbot is used the issue LetsEncrypt SSL-Certificates. | ||
== Install == | == Install == | ||
=== Snap Store === | |||
This is the install method advised by LetsEncrypt. | |||
<code>sudo apt remove certbot</code> | Make sure the certbot is not installed using Apt: <code>sudo apt remove certbot</code>. | ||
Ensure the latest Snap version is installed: | Ensure the latest Snap version is installed: <code>sudo snap install core; sudo snap refresh core</code>. | ||
<code>sudo snap install | Install the Certbot, make sure to use the <code>--classic</code> flag: <code>sudo snap install --classic certbot</code>. | ||
Link the certbot binary to a path thats in the $PATH variabel: <code>sudo ln -s /snap/bin/certbot /usr/bin/certbot</code>. Depending on your environment this might not be necessary. | |||
=== Apt & Apk === | |||
The certbot is also available in the officiall Debian, Ubuntu & Alpine repositories, but the version might be outdated. | |||
* Ubuntu & Debian: <code>apt install certbot</code> | |||
* Alpine: <code>apk install certbot</code> | |||
<code> | |||
== Retrieving a Certificate == | == Retrieving a Certificate == | ||
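Review bot: In the added "Apt & Apk" list, `apk install certbot` is not a valid apk invocation; Alpine installs packages with `apk add certbot`. The new side also introduces "thats", "variabel" and "officiall", and the old side ends on an unclosed <code> tag that should be checked for leftovers in the saved revision.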
| Line 40: | Line 40: | ||
<code>sudo certbot renew --nginx --agree-tos -n</code> | <code>sudo certbot renew --nginx --agree-tos -n</code> | ||
* <code>--nginx</code>: Use | * <code>--nginx</code>: Use a locally installed nginx for the authentication challange. See [[Certbot#Challenges|Challenges]] for other ways to authenticate | ||
* <code>--agree-tos</code>: Agree to the Terms of Service, the Command will not work without this option | * <code>--agree-tos</code>: Agree to the Terms of Service, the Command will not work without this option | ||
* <code>-n</code>: Non-Interactive, do not prompt for anything | * <code>-n</code>: Non-Interactive, do not prompt for anything | ||
| Line 47: | Line 47: | ||
Certificates will be updated if there expire in less than 30 days | Certificates will be updated if there expire in less than 30 days | ||
== | == Challenges == | ||
To validate that you own a Domain you must complete a | To validate that you own a Domain you must complete a challange using one of the following method: | ||
=== Nginx === | === Nginx === | ||
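Review bot: The heading is corrected to "Challenges", but the added sentence under it still reads "complete a challange using one of the following method"; it should be "challenge" and "methods". The unchanged context line "if there expire in less than 30 days" should read "if they expire" and could be fixed in the same edit.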
Latest revision as of 15:06, 29 January 2023
Certbot is used to issue Let's Encrypt SSL certificates.
Install
Snap Store
This is the install method advised by Let's Encrypt.
Make sure certbot is not installed using Apt: sudo apt remove certbot.
Ensure the latest Snap version is installed: sudo snap install core; sudo snap refresh core.
Install Certbot, making sure to use the --classic flag: sudo snap install --classic certbot.
Link the certbot binary to a path that is in the $PATH variable: sudo ln -s /snap/bin/certbot /usr/bin/certbot. Depending on your environment this might not be necessary.
Apt & Apk
Certbot is also available in the official Debian, Ubuntu & Alpine repositories, but the version might be outdated.
- Ubuntu & Debian: apt install certbot
- Alpine: apk add certbot
Retrieving a Certificate
To create a certificate for example.com:
sudo certbot certonly --nginx --agree-tos -n -d example.com
- --nginx: Use a locally installed nginx for the authentication challenge; see Challenges for other ways to authenticate
- --agree-tos: Agree to the Terms of Service; the command will not work without this option
- -n: Non-interactive, do not prompt for anything
- -d <DOMAIN>: Domain to create the certificate for
The Certificate will be saved under:
- /etc/letsencrypt/live/<DOMAIN>/fullchain.pem: Certificate
- /etc/letsencrypt/live/<DOMAIN>/privkey.pem: Private key
Renewing Certificates
To renew all Certificates use:
sudo certbot renew --nginx --agree-tos -n
- --nginx: Use a locally installed nginx for the authentication challenge; see Challenges for other ways to authenticate
- --agree-tos: Agree to the Terms of Service; the command will not work without this option
- -n: Non-interactive, do not prompt for anything
- -d <DOMAIN>: Optional, domain to renew the certificate for
Certificates will be updated if they expire in less than 30 days.
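The following script is an added example, not part of the original page or of Certbot itself. It audits the two files saved under /etc/letsencrypt/live/<DOMAIN>/ and flags a private key that is accessible to group or others, or a certificate already inside the 30-day renewal window. The function names, the LIVE_ROOT override and the file name audit.sh are assumptions made for illustration; the expiry check requires the openssl command.

```shell
#!/bin/sh
# Added example: audit the files certbot saves for one domain.
# LIVE_ROOT is the directory named on this page; override it to test elsewhere.
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"
RENEW_WINDOW=$((30 * 24 * 3600))  # 30 days in seconds, the renewal threshold

# key_is_private FILE: succeed only if group and others have no permissions.
# -L follows the symlink, so the mode of the real key file is checked.
key_is_private() {
    [ -f "$1" ] || return 2
    [ "$(ls -lL "$1" | cut -c5-10)" = "------" ]
}

# cert_is_fresh FILE: succeed if the first certificate in FILE (the leaf in
# fullchain.pem) is still valid RENEW_WINDOW seconds from now.
cert_is_fresh() {
    openssl x509 -checkend "$RENEW_WINDOW" -noout -in "$1" >/dev/null 2>&1
}

# audit_lineage DOMAIN: print findings; return status = number of problems.
audit_lineage() {
    dir="$LIVE_ROOT/$1"
    problems=0
    for f in fullchain.pem privkey.pem; do
        if [ ! -f "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$dir/privkey.pem" ] && ! key_is_private "$dir/privkey.pem"; then
        echo "PERMS   $dir/privkey.pem is accessible to group or others"
        problems=$((problems + 1))
    fi
    if [ -f "$dir/fullchain.pem" ] && ! cert_is_fresh "$dir/fullchain.pem"; then
        echo "EXPIRY  $dir/fullchain.pem expires within 30 days or is unreadable"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run as: sh audit.sh example.com   (audit.sh is a hypothetical file name)
if [ "$#" -gt 0 ]; then
    audit_lineage "$1"
fi
```

An exit status of 0 means both files exist, the key is private and the certificate is not yet due for renewal.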
Challenges
To validate that you own a domain you must complete a challenge using one of the following methods:
Nginx
If Nginx is running locally and serving your domain, you can simply use the --nginx option and certbot will use Nginx for the challenge and should complete it without stopping Nginx.
Apache
If Apache is running locally and serving your domain, you can simply use the --apache option and certbot will use Apache for the challenge and should complete it without stopping the Apache server.
Standalone
Certbot will start a web server on port 80 and will try to serve a file containing a verification code. If the Certbot can find that file, the challenge will be completed.
Webroot
Using --webroot -w <Path>, Certbot will put files under the given directory and try to access them.
