Certbot: Difference between revisions
No edit summary |
(→Usage) |
||
Line 23: | Line 23: | ||
# Install a certificate | # Install a certificate | ||
sudo certbot --apache -d wiki.davidl.me | sudo certbot --apache -d wiki.davidl.me | ||
# Generate a certificate without install | # Generate a certificate without install | ||
sudo certbot certonly --apache -d wiki.davidl.me | sudo certbot certonly --apache -d wiki.davidl.me | ||
# Renew all certificates | # Renew all certificates | ||
Line 36: | Line 35: | ||
# Delete a certificate | # Delete a certificate | ||
sudo certbot delete --cert-name example.com | sudo certbot delete --cert-name example.com | ||
</pre> | |||
===Wildcard Certificates=== | |||
LetsEncrypt requires dns challenges for wildcard certificates. | |||
This means you'll need to input your dns information and us a compatible dns for auto-renewals. | |||
Fill out dns creditials in <code>~/.secrets/certbot/cloudflare.ini</code> | |||
<pre> | |||
# Cloudflare API credentials used by Certbot | |||
dns_cloudflare_email = <email> | |||
dns_cloudflare_api_key = <apikey> | |||
</pre> | |||
<pre> | |||
# Generate a wildcard certificate | |||
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d *.local.davidl.me | |||
</pre> | </pre> |
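Review bot: the added wildcard command passes `-d *.local.davidl.me` unquoted, so the shell can glob-expand or reject the argument before certbot sees it; quote it as `'*.local.davidl.me'`. The credentials step creates `~/.secrets/certbot/cloudflare.ini` holding `dns_cloudflare_api_key` but says nothing about file permissions, so add a `chmod 600` line after it. Two typos in the new prose: "us a compatible dns" should read "use", and "creditials" should read "credentials".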
Revision as of 08:26, 31 May 2020
Certbot is the program by Let's Encrypt to manage your SSL certificates.
Install
See https://certbot.eff.org/instructions
sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare
Usage
# List certificates
sudo certbot certificates
# Install a certificate
sudo certbot --apache -d wiki.davidl.me
# Generate a certificate without install
sudo certbot certonly --apache -d wiki.davidl.me
# Renew all certificates
sudo certbot renew
# Revoke a certificate
sudo certbot revoke --cert-name example.com
# Delete a certificate
sudo certbot delete --cert-name example.com
Wildcard Certificates
Let's Encrypt requires DNS challenges for wildcard certificates. This means you'll need to input your DNS information and use a compatible DNS provider for auto-renewals.

Fill out the DNS credentials in ~/.secrets/certbot/cloudflare.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <apikey>

# Generate a wildcard certificate
# (the wildcard name is quoted so the shell does not glob-expand it)
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d '*.local.davidl.me'
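
A pre-flight check for the credentials file above, as an added example that is not part of the original wiki page: it rejects a file that other local users can access or that still holds the `<email>`/`<apikey>` placeholders. The helper names `file_mode` and `check_cf_credentials` are hypothetical.

```shell
#!/bin/sh
# Added example: validate the Cloudflare credentials file before handing it
# to certbot. Helper names are hypothetical, not part of certbot.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 if the file looks safe to use; 1 = missing or not a regular file,
# 2 = readable by group/other, 3 = a required key is absent or a placeholder.
check_cf_credentials() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing or not a regular file" >&2
        return 1
    fi
    mode=$(file_mode "$f") || return 1
    # Any group/other bit set means other local users may read the API key.
    case $mode in
        *00) ;;
        *) echo "FAIL: $f has mode $mode; run: chmod 600 $f" >&2; return 2 ;;
    esac
    for key in dns_cloudflare_email dns_cloudflare_api_key; do
        # Require "key = value" whose value is non-empty and not "<...>".
        if ! grep -Eq "^[[:space:]]*$key[[:space:]]*=[[:space:]]*[^<[:space:]]" "$f"; then
            echo "FAIL: $key is missing or still a placeholder in $f" >&2
            return 3
        fi
    done
    echo "OK: $f"
}

# Usage before requesting or renewing a certificate:
#   check_cf_credentials ~/.secrets/certbot/cloudflare.ini && sudo certbot ...
```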