Certbot
Jump to navigation
Jump to search
certbot
Letsencrypt.org
See Letsencrypt.org
Usage
List Certificates
certbot certificates
Renew
certbot renew
Quiet:
certbot -q renew
Cert saved to:
/etc/letsencrypt/live/[DOMAIN]/fullchain.pem
key: /etc/letsencrypt/live/[DOMAIN]/privkey.pem cert: /etc/letsencrypt/live/[DOMAIN]/cert.pem fullchain: /etc/letsencrypt/live/[DOMAIN]/fullchain.pem chain: /etc/letsencrypt/live/[DOMAIN]/chain.pem
Generated config saved to:
/etc/letsencrypt/renewal/[DOMAIN].conf
Logs saved to:
/var/log/letsencrypt/letsencrypt.log
---
/etc/cron.d/certbot
0 */12 * * * root test -x /usr/bin/certbot -a \! -d /run/systemd/system && perl -e 'sleep int(rand(43200))' && certbot -q renew
-q, --quiet # Silence all output except errors. Useful for automation via cron. Implies --non-interactive. (default: False)
apache
SSLCertificateFile /etc/ssl/DOMAIN/DOMAIN-fullchain.pem SSLCertificateKeyFile /etc/ssl/DOMAIN/DOMAIN-privatekey.key
Install
Ubuntu
Install:
sudo apt-get update sudo apt-get install software-properties-common sudo add-apt-repository universe sudo add-apt-repository ppa:certbot/certbot sudo apt-get update
sudo apt-get install certbot python-certbot-apache
Auto install certificates:
sudo certbot --apache
Or just get a certificate:
sudo certbot certonly --apache
Test automatic renewal:
sudo certbot renew --dry-run
ref: https://certbot.eff.org/lets-encrypt/ubuntubionic-apache
CentOS
Install:
wget https://dl.eff.org/certbot-auto sudo mv certbot-auto /usr/local/bin/certbot-auto sudo chown root /usr/local/bin/certbot-auto sudo chmod 0755 /usr/local/bin/certbot-auto
Auto install certificates:
sudo /usr/local/bin/certbot-auto --apache
Or just get a certificate:
sudo /usr/local/bin/certbot-auto certonly --apache
Automatic renewal: (crontab)
echo "0 0,12 * * * root python -c 'import random; import time; time.sleep(random.random() * 3600)' && /usr/local/bin/certbot-auto renew" | sudo tee -a /etc/crontab > /dev/null
ref: https://certbot.eff.org/lets-encrypt/centos6-apache