Certbot

From David's Wiki

Certbot is the program by Let's Encrypt to manage your SSL certificates.

Install

See https://certbot.eff.org/instructions

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update

sudo apt install certbot python3-certbot-apache python3-certbot-dns-cloudflare

Usage

See Managing Certificates

# List certificates
sudo certbot certificates

# Install a certificate
sudo certbot --apache -d wiki.davidl.me

# Generate a certificate without install
sudo certbot certonly --apache -d wiki.davidl.me

# Renew all certificates
sudo certbot renew

# Revoke a certificate
sudo certbot revoke --cert-name example.com

# Delete a certificate
sudo certbot delete --cert-name example.com

Wildcard Certificates

Let's Encrypt requires DNS challenges for wildcard certificates. This means you'll need to provide your DNS provider's credentials and use a DNS provider with a compatible Certbot plugin for auto-renewals.

Fill in the DNS credentials in ~/.secrets/certbot/cloudflare.ini

# Cloudflare API credentials used by Certbot
dns_cloudflare_email = <email>
dns_cloudflare_api_key = <apikey>

# Generate a wildcard certificate (quote the wildcard so the shell does not expand it)
sudo certbot -i apache --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/certbot/cloudflare.ini -d local.davidl.me -d '*.local.davidl.me'
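A pre-flight helper for the wildcard setup above, added here as an example and not part of Certbot or this wiki: it refuses to run if the Cloudflare credentials file is readable by other users or lacks the keys the plugin reads, then calls certbot with the wildcard quoted so the shell does not expand it. The function names and the acceptance of `dns_cloudflare_api_token` as an alternative to `dns_cloudflare_api_key` are my assumptions.

```shell
#!/bin/sh
# Pre-flight check and wrapper for the Cloudflare DNS challenge (added example).
# Assumes the credentials file layout shown on this page.

CREDS_DEFAULT="$HOME/.secrets/certbot/cloudflare.ini"

# check_creds FILE: succeed only if FILE exists, is readable by its owner alone
# (mode 600 or 400) and contains the keys the dns-cloudflare plugin expects.
check_creds() {
    f="$1"
    [ -f "$f" ] || { echo "missing credentials file: $f" >&2; return 1; }
    # GNU stat first (Linux), BSD stat as fallback (macOS).
    mode=$(stat -c '%a' "$f" 2>/dev/null || stat -f '%Lp' "$f")
    # Group/other bits must be zero: the file holds an API key.
    case "$mode" in
        600|400) ;;
        *) echo "$f has mode $mode; run: chmod 600 $f" >&2; return 1 ;;
    esac
    grep -q '^dns_cloudflare_email[[:space:]]*=' "$f" \
        || { echo "dns_cloudflare_email missing in $f" >&2; return 1; }
    grep -Eq '^dns_cloudflare_api_(key|token)[[:space:]]*=' "$f" \
        || { echo "dns_cloudflare_api_key (or api_token) missing in $f" >&2; return 1; }
    return 0
}

# issue_wildcard BASE [CREDS]: obtain BASE and *.BASE via the DNS challenge.
# Double-quoting "*.$base" keeps the shell from globbing the wildcard.
issue_wildcard() {
    base="$1"
    creds="${2:-$CREDS_DEFAULT}"
    check_creds "$creds" || return 1
    sudo certbot -i apache --dns-cloudflare \
        --dns-cloudflare-credentials "$creds" \
        -d "$base" -d "*.$base"
}

# Usage: sh wildcard.sh local.davidl.me [/path/to/cloudflare.ini]
if [ -n "$1" ]; then
    issue_wildcard "$1" "$2"
fi
```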

Internal Services

With the DNS challenge, Certbot never needs to reach your server over HTTP, so you can obtain certificates for services that are only reachable on your local network. Set an A record pointing at the service's local IP and use the DNS challenge instead of the HTTP challenge.