IT/Software/Server Config/SSL Certificates/certbot

  • This is a wonderful tool to install and manage SSL certificates on servers.

Background

  • certbot is a tool that manages Let's Encrypt certificates.
    • Get it from here.
    • Their documentation is really well done.
  • Know what version you are on

apt-cache policy certbot | grep -i Installed

Install

  • You can install the package maintainer's version on 18.04 and later
    • Full instructions are here
  • I recommend the ppa version

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Use

  • Basic installation of a certificate on apache
    • You can go to the website above for more details on other platforms.

sudo certbot

  • Make choices as you go through
    • Choose to redirect to https
      • This will bork your SSL config files in sites-enabled.
        • Manually go through and fix them.

Checking Certificates

sudo certbot certificates

  • You will get a nice list of certs with their expiry dates.

Renewing Certificates

When you install certificates, certbot will put a cron job in place to auto-renew them.

cat /etc/cron.d/certbot

  • This can be done every 90 days and can be done as much as 30 days early

sudo certbot renew
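
As an added example (not part of the original wiki page), the function below reads the output of `sudo certbot certificates` and lists certificates that are invalid or have fewer than a given number of days left, which is a quick way to notice that the auto-renew cron job has stopped working. The function names, hostnames and dates are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki page): read `certbot certificates` output on
# stdin and print every certificate that is invalid or has fewer than N days left.
# On a server: sudo certbot certificates 2>/dev/null | certs_needing_attention 30

certs_needing_attention() {
    threshold="${1:-30}"    # days; renewal is possible from 30 days before expiry
    awk -v max="$threshold" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID/) {                       # EXPIRED, REVOKED, TEST_CERT
                print name, "INVALID"
            } else if ($0 ~ /VALID: [0-9]+ hour/) {     # less than one day left
                print name, "0d"
            } else if (match($0, /VALID: [0-9]+ day/)) {
                split(substr($0, RSTART, RLENGTH), f, " ")   # "VALID:", "12", "day"
                if (f[2] + 0 < max) print name, f[2] "d"
            }
        }
    '
}

# Constructed sample in the layout printed by `certbot certificates`;
# hostnames, dates and day counts are made up for illustration.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 75 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: wiki.example.com
    Domains: wiki.example.com
    Expiry Date: 2029-12-28 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/wiki.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/wiki.example.com/privkey.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-11-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/old.example.com/privkey.pem
EOF
}

sample_output | certs_needing_attention 30
```

Any line printed with the 30-day threshold means a certificate that should already have been renewed has not been, so check the cron job and run `sudo certbot renew` by hand.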

Force Renewal

  • This can eat into your allotment so only do as needed
    • This needed to happen once due to a Let's Encrypt bug

sudo certbot --force-renewal

  • You still need to pick the domains and then choose to redirect to https if you want.
    • Normally we do want the forced redirect to https.
    • BUT as noted above it will kill your SSL config file(s).