Certbot

Aus SchnallIchNet
Version vom 26. März 2020, 08:20 Uhr von Cbs (Diskussion | Beiträge) (Die Seite wurde neu angelegt: „== CREATE == === create new cert by webroot === certbot certonly -c /etc/letsencrypt/cli.ini --webroot -w /var/www/<DOMAIN>/www -d www.<DOMAIN>.de -d <DOMAI…“)

(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

CREATE

create new cert by webroot

certbot certonly -c /etc/letsencrypt/cli.ini --webroot -w /var/www/<DOMAIN>/www -d www.<DOMAIN>.de -d <DOMAIN>.de -d yadda.<DOMAIN>.de

You can add as many '-d foo.<DOMAIN>.de' entries as you need - as long as they all use the same document root on the webserver.
Also you can add a 2nd '-w /path/to/docRoot/ -d <DOMAIN>.eu -d www.<DOMAIN>.eu -d ...'


create cert by DNS challenges

This method is required e.g. for wildcard certificates: 

certbot certonly -c /etc/letsencrypt/cli-manual.ini --manual --preferred-challenges dns -d *.<DOMAIN>.tld

During that process 'certbot' will print out the secure challenge and will wait for you to set up your DNS
before checking. Set the DNS RR is present.

Set the following DNS TXT RR: 

_acme-challenge         IN      TXT     "<SecureChallenge>"

and make sure it's replicated to all slaves.
Now press enter on the waiting certbot shell to move forward.


RENEW

Easy as that: 

certbot renew


REVOKE

revole by cert-path

certbot revoke --cert-path /etc/letsencrypt/live/<DOMAIN>/cert.pem
Von „https://schnallich.net/index.php?title=Certbot&oldid=1676