Certbot: Difference between revisions

Created page with "Certbot is the program by Let's Encrypt to manage your SSL certificates. ==Usage== See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates]..."
 
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
Certbot is the program by Let's Encrypt to manage your SSL certificates.
Certbot is the program by Let's Encrypt to manage your SSL certificates.
==Install==
See [https://certbot.eff.org/instructions https://certbot.eff.org/instructions]
<pre>
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare
</pre>


==Usage==
==Usage==
See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates]
See [https://certbot.eff.org/docs/using.html#managing-certificates Managing Certificates]
 


<pre>
<pre>
# List certificates
# List certificates
sudo certbot certificates
sudo certbot certificates
# Install a certificate
sudo certbot --apache -d wiki.davidl.me
# Generate a certificate without install
sudo certbot certonly --apache -d wiki.davidl.me


# Renew all certificates
# Renew all certificates
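Review bot: The Install block adds ppa:certbot/certbot and the universe repository as root without saying which distribution or release the commands target, while the link directly above it points to the per-system instructions on certbot.eff.org. Name the target OS next to the block so readers on other systems follow the linked instructions instead of adding a package source that may not apply to them. The block also mixes apt-get and apt; pick one. In the Usage block, the "# Install a certificate" comment should say that --apache also edits the Apache configuration, so it is clearly distinguished from the certonly line below it.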
Line 16: Line 34:


# Delete a certificate
# Delete a certificate
sudo certbot revoke --cert-name example.com
sudo certbot delete --cert-name example.com
</pre>
 
===Wildcard Certificates===
LetsEncrypt requires dns challenges for wildcard certificates.
This means you'll need to input your dns information and us a compatible dns for auto-renewals.
 
Fill out dns creditials in <code>~/.secrets/certbot/cloudflare.ini</code>
<pre>
# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <apikey>
</pre>
 
<pre>
# Generate a wildcard certificate
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me
</pre>
</pre>
==Internal Services==
Certbot allows you to use a DNS challenge to update your IP. So set an A record to your local IP and do the DNS challenge instead of the HTTP challenge.
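Review bot: The wildcard section tells readers to put dns_cloudflare_email and dns_cloudflare_api_key in ~/.secrets/certbot/cloudflare.ini but never restricts who can read that file. Add a step such as chmod 600 ~/.secrets/certbot/cloudflare.ini (and chmod 700 on the directory), and consider documenting a zone-scoped token via dns_cloudflare_api_token in place of the account-wide key. In the certbot command, -d *.local.davidl.me is unquoted, so the shell can expand the asterisk against files in the current directory; write -d '*.local.davidl.me'. Under "# Delete a certificate" the hunk shows both certbot revoke and certbot delete, which are different operations (revoke invalidates the certificate with the CA, delete removes the local files), so each needs its own comment. The wildcard block ends with two consecutive </pre> lines; check that the second is not a stray closer. The Internal Services sentence says the DNS challenge is used "to update your IP"; the challenge only proves control of the domain through DNS, so reword it to say the A record can point at a local IP because no inbound HTTP validation is needed.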