Certbot: Unterschied zwischen den Versionen
Aus SchnallIchNet
Cbs (Diskussion | Beiträge) |
Cbs (Diskussion | Beiträge) |
||
| Zeile 37: | Zeile 37: | ||
certbot renew | certbot renew | ||
| + | |||
| + | |||
| + | Renew for dns-challenges (interactively) | ||
| + | |||
| + | certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns --cert-name <DOMAIN>.tld -d *.<DOMAIN>.tld,<DOMAIN>.tld | ||
Version vom 31. März 2020, 15:08 Uhr
LetsEncrypt Certbot usage
Inhaltsverzeichnis
CREATE
create new cert by webroot
certbot certonly -c /etc/letsencrypt/cli.ini --webroot -w /var/www/<DOMAIN>/www -d www.<DOMAIN>.de -d <DOMAIN>.de -d yadda.<DOMAIN>.de
You can add as many '-d foo.<DOMAIN>.de' entries as you need - as long as they all use the same document root on the webserver.
Also you can add a 2nd '-w /path/to/docRoot/ -d <DOMAIN>.eu -d www.<DOMAIN>.eu -d ...'
create cert by DNS challenges
This method is required e.g. for wildcard certificates:
certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns -d *.<DOMAIN>.tld
During that process 'certbot' will print out the secure challenge and will wait for you to set up your DNS
before checking. Set the DNS RR is present.
Set the following DNS TXT RR:
_acme-challenge IN TXT "<SecureChallenge>"
and make sure it's replicated to all slaves.
Now press enter on the waiting certbot shell to move forward.
RENEW
Easy as that:
certbot renew
Renew for dns-challenges (interactively)
certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns --cert-name <DOMAIN>.tld -d *.<DOMAIN>.tld,<DOMAIN>.tld
REVOKE
revole by cert-path
certbot revoke --cert-path /etc/letsencrypt/live/<DOMAIN>/cert.pem
