Certbot

Aus SchnallIchNet
Wechseln zu: Navigation, Suche


LetsEncrypt Certbot usage


CREATE

create new cert by webroot

certbot certonly -c /etc/letsencrypt/cli.ini --webroot -w /var/www/<DOMAIN>/www -d www.<DOMAIN>.de -d <DOMAIN>.de -d yadda.<DOMAIN>.de

You can add as many '-d foo.<DOMAIN>.de' entries as you need - as long as they all use the same document root on the webserver.
Also you can add a 2nd '-w /path/to/docRoot/ -d <DOMAIN>.eu -d www.<DOMAIN>.eu -d ...'


create cert by DNS challenges

This method is required e.g. for wildcard certificates:

certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns -d *.<DOMAIN>.tld

During that process 'certbot' will print out the secure challenge and will wait for you to set up your DNS
before checking. Set the DNS RR is present.

Set the following DNS TXT RR:

_acme-challenge         IN      TXT     "<SecureChallenge>"

and make sure it's replicated to all slaves.
Now press enter on the waiting certbot shell to move forward.


RENEW

Easy as that:

certbot renew


Renew for dns-challenges (interactively)

certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns --cert-name <DOMAIN>.tld -d *.<DOMAIN>.tld,<DOMAIN>.tld

or

certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns --cert-path /etc/letsencrypt/live/<DOMAIN>.de/cert.pem -d *.<DOMAIN>.de -d <DOMAIN>.de

REVOKE

revole by cert-path

certbot revoke --cert-path /etc/letsencrypt/live/<DOMAIN>/cert.pem