IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions

Access restrictions were established for this page. If you see this message, you have no access to this page.

Latest revision as of 05:50, 11 December 2020

certbot is a tool that manages Lets Encrypt certificates.
- Get it from from here.
- Their documentation is really well done.
Know what version you are on

apt-cache policy certbot | grep -i Installed

You can install from the package maintaners version from 18.04 and on
- Full instructions are here
I recommend the ppa version
- Certbot PPA=

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Basic installation of a certificate on apache
- You can go to the website above for more details on other platforms.

sudo certbot

Make choices as you go through
- Choose to redirect to https
  - This will bork your ssl config files in sites enabled.
    - Manually go through and fix them.

sudo certbot certificates

When you install certificates certbot will put the cron job in place to autorenew.

cat /etc/cron.d/certbot

sudo certbot renew

This can eat into your allotment so only do as needed
- This needed to happen once due to a Lets Encrypt bug

sudo certbot --force-renewal

You still need to pick the domains and then choose to redirect https is you want.
- Normally we do want the forced redirect to https.
- BUT as noted above it will kill your ssl config file(s).

@@ Line 43: / Line 43: @@
 ==Renewing Certificates==
-**This must be done every 90 days and can be done as much as 30 days early
+When you install certificates certbot will put the cron job in place to autorenew.
+<code>cat /etc/cron.d/certbot</code>
+*This can be done every 90 days and can be done as much as 30 days early
 <code>sudo certbot renew</code>