Difference between revisions of "Certbot"

From Dogtag
Jump to: navigation, search
m (Requesting a Certificate)
m (Installation)
Line 1: Line 1:
 +
= Overview =
 +
 +
This document describes how to use certbot.
 +
 +
Notes:
 +
* certbot does not work with self-signed certificate. In that case use plain HTTP instead.
 +
 
= Installation =
 
= Installation =
  

Revision as of 22:55, 15 November 2019

Overview

This document describes how to use certbot.

Notes:

  • certbot does not work with self-signed certificate. In that case use plain HTTP instead.

Installation

$ dnf install certbot

Requesting a Certificate

To request a certificate with automatic http-01 validation:

$ certbot certonly --standalone -d example.com --register-unsafely-without-email

To request a certificate with manual http-01 validation:

$ certbot certonly --manual -d example.com --register-unsafely-without-email

To request a certificate with manual dns-01 validation:

$ certbot certonly --manual -d example.com --register-unsafely-without-email --preferred-challenges dns

To request a multi-domain certificate:

$ certbot certonly -d example.com -d www.example.com

To request a certificate from a different ACME server:

$ certbot certonly -d example.com --server http://localhost:8080/acme/rest/directory

The results will be stored in:

  • certificate: /etc/letsencrypt/live/example.com/fullchain.pem
  • private key: /etc/letsencrypt/live/example.com/privkey.pem

Renewing a Certificate

To renew a certificate with manual dns-01 validation:

$ certbot certonly --manual -d example.com --preferred-challenges dns

Removing a Certificate

$ certbot delete --cert-name $HOSTNAME

See Also