Certbot: Difference between revisions
Created page with "Certbot is the program by Let's Encrypt to manage your SSL certificates. ==Usage== See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates]..." |
|||
(4 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
Certbot is the program by Let's Encrypt to manage your SSL certificates. | Certbot is the program by Let's Encrypt to manage your SSL certificates. | ||
==Install== | |||
See [https://certbot.eff.org/instructions https://certbot.eff.org/instructions] | |||
<pre> | |||
sudo apt-get update | |||
sudo apt-get install software-properties-common | |||
sudo add-apt-repository universe | |||
sudo add-apt-repository ppa:certbot/certbot | |||
sudo apt-get update | |||
sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare | |||
</pre> | |||
==Usage== | ==Usage== | ||
See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates] | See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates] | ||
<pre> | <pre> | ||
# List certificates | # List certificates | ||
sudo certbot certificates | sudo certbot certificates | ||
# Install a certificate | |||
sudo certbot --apache -d wiki.davidl.me | |||
# Generate a certificate without install | |||
sudo certbot certonly --apache -d wiki.davidl.me | |||
# Renew all certificates | # Renew all certificates | ||
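Review bot: the new Install block adds a third-party package source (<code>sudo add-apt-repository ppa:certbot/certbot</code>) and the <code>universe</code> component without saying which distribution and release the steps were written for. Please state that above the <code>&lt;pre&gt;</code> and note that the linked certbot.eff.org instructions page is the authoritative source, since a copied snapshot of install commands will drift. Two smaller points: the last line of the block uses <code>apt install</code> while the rest use <code>apt-get</code>, so pick one. The intro calls Certbot "the program by Let's Encrypt" while both links in this revision point at certbot.eff.org, so the attribution is worth rechecking. In the Usage block, the comments "Install a certificate" and "Generate a certificate without install" would be clearer if they said what gets installed where, since the only visible difference between the two commands is <code>certonly</code>.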
Line 16: | Line 34: | ||
# Delete a certificate | # Delete a certificate | ||
sudo certbot | sudo certbot delete --cert-name example.com | ||
</pre> | |||
===Wildcard Certificates=== | |||
LetsEncrypt requires dns challenges for wildcard certificates. | |||
This means you'll need to input your dns information and us a compatible dns for auto-renewals. | |||
Fill out dns creditials in <code>~/.secrets/certbot/cloudflare.ini</code> | |||
<pre> | |||
# Cloudflare API credentials used by Certbot | |||
dns_cloudflare_email = <email> | |||
dns_cloudflare_api_key = <apikey> | |||
</pre> | |||
<pre> | |||
# Generate a wildcard certificate | |||
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me | |||
</pre> | </pre> | ||
==Internal Services== | |||
Certbot allows you to use a DNS challenge to update your IP. So set an A record to your local IP and do the DNS challenge instead of the HTTP challenge. |
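Review bot: the Wildcard Certificates section has the reader put a Cloudflare API key in <code>~/.secrets/certbot/cloudflare.ini</code> but never restricts who can read that file. Add a step after the credentials block that sets the directory and file to owner-only permissions (for example <code>chmod 700</code> on the directory and <code>chmod 600</code> on the file). Also say which user's home directory <code>~</code> refers to, since the command itself runs under <code>sudo</code>. In the wildcard command, <code>-d *.local.davidl.me</code> is unquoted, so the shell may glob-expand it against files in the current directory; quote it as <code>-d '*.local.davidl.me'</code>. Typos in the added prose: "us a compatible dns" should be "use a compatible DNS provider" and "creditials" should be "credentials". The Internal Services sentence "use a DNS challenge to update your IP" is hard to follow, because the next sentence has the reader set the A record by hand. Please reword it to say what the DNS challenge gives you over the HTTP challenge for a host on a local IP.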