Difference between revisions of "Certbot"

From Dogtag
Jump to: navigation, search
m (See Also)
m (See Also)
 
Line 69: Line 69:
 
= See Also =
 
= See Also =
  
* [https://github.com/dogtagpki/pki/blob/master/docs/user/acme/Using_ACME_Responder.md Using ACME Responder]
+
* [https://github.com/dogtagpki/pki/blob/master/docs/user/acme/Using_PKI_ACME_Responder_with_Certbot.md Using PKI ACME Responder with Certbot]
 
* [https://certbot.eff.org/ Certbot]
 
* [https://certbot.eff.org/ Certbot]
 
* [https://certbot.eff.org/docs/ Certbot Docs]
 
* [https://certbot.eff.org/docs/ Certbot Docs]

Latest revision as of 14:17, 30 July 2020

Overview

This document describes how to use certbot.

Notes:

  • certbot does not work with self-signed certificate. In that case use plain HTTP instead.

Installation

$ dnf install certbot

Requesting a Certificate

To request a certificate with automatic http-01 validation:

$ certbot certonly --standalone -d example.com --register-unsafely-without-email --agree-tos

To request a certificate with manual http-01 validation:

$ certbot certonly --manual -d example.com --register-unsafely-without-email --agree-tos

To request a certificate with manual dns-01 validation:

$ certbot certonly --manual -d example.com --preferred-challenges dns --register-unsafely-without-email --agree-tos

To request a multi-domain certificate:

$ certbot certonly --manual -d example.com -d www.example.com --register-unsafely-without-email --agree-tos

To request a wildcard certificate:

$ certbot certonly --manual -d *.example.com --register-unsafely-without-email --agree-tos

To request a certificate from a different ACME server:

$ certbot certonly --standalone -d example.com --server http://localhost:8080/acme/directory --register-unsafely-without-email --agree-tos

The results will be stored in:

  • certificate: /etc/letsencrypt/live/example.com/fullchain.pem
  • private key: /etc/letsencrypt/live/example.com/privkey.pem

Renewing a Certificate

To renew a certificate with manual dns-01 validation:

$ certbot certonly --manual -d example.com --preferred-challenges dns

Removing a Certificate

$ certbot delete --cert-name $HOSTNAME

See Also