Certbot: Difference between revisions

The Certbot is used the issue LetsEncrypt SSL-Certificates.

This is the install method advised by LetsEncrypt.

Make sure the certbot is not installed using Apt: sudo apt remove certbot.

Ensure the latest Snap version is installed: sudo snap install core; sudo snap refresh core.

Install the Certbot, make sure to use the --classic flag: sudo snap install --classic certbot.

Link the certbot binary to a path thats in the $PATH variabel: sudo ln -s /snap/bin/certbot /usr/bin/certbot. Depending on your environment this might not be necessary.

The certbot is also available in the officiall Debian, Ubuntu & Alpine repositories, but the version might be outdated.

• Ubuntu & Debian: apt install certbot
• Alpine: apk install certbot

To create an Certificate for example.com

sudo certbot certonly --nginx --agree-tos -n -d example.com

• --nginx: Use Local installed nginx for the Authentication-Challange, see Challanges for other ways to authenticate
• --agree-tos: Agree to the Terms of Service, the Command will not work without this option
• -n: Non-Interactive, do not prompt for anything
• -d <DOMAIN>: Domain to create the Certificate for

The Certificate will be saved under:

• /etc/letsencrypt/live/<DOMAIN>/fullchain.pem: Certificate
• /etc/letsencrypt/live/<DOMAIN>/privkey.pem: Private key

To renew all Certificates use:

sudo certbot renew --nginx --agree-tos -n

• --nginx: Use a locally installed nginx for the authentication challange. See Challenges for other ways to authenticate
• --agree-tos: Agree to the Terms of Service, the Command will not work without this option
• -n: Non-Interactive, do not prompt for anything
• -d <DOMAIN>: Optional, Domain to renew the Certificate for

Certificates will be updated if there expire in less than 30 days

To validate that you own a Domain you must complete a challange using one of the following method:

If a Nginx is running localy and serving for your domain you can simply use the --nginx option and certbot will use Nginx for the Challange and should complete it without stopping the Nginx.

If a Apache is running localy and serving for your domain you can simply use the --apache option and certbot will use Apache for the Challange and should complete it without stopping the Apache server.

Certbot will start a Webserver on Port 80 and will try to serve a file containg a verification code. If the Certbot can find that file, the challange will be completed.

Using the --webroot <Path> the Certbot will put files under the given directory und the given directory and try to access them.