IT/Software/Server Config/SSL Certificates/certbot: Difference between revisions

• This is a wonderful tool to install and manage SSL certificates on servers.

Background

1. certbot is a tool that manages Lets Encrypt certificates.
2. Get it from from here.
3. Their documentation is really well done.
4. Know what version you are on

apt-cache policy certbot | grep -i Installed

Install

1. You can install from the package maintaners version from 18.04 and on
   1. Full instructions are here
2. I recommend the ppa version
   1. Certbot PPA=

sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-apache

Use

• • Basic installation of a certificate on apache
    • You can go to the website above for more details on other platforms.

sudo certbot

Checking Certificates

sudo certbot certificates

• You will get a nice list of certs with their expiry dates.

Renewing Certificates

• • This must be done every 90 days and can be done as much as 30 days early

sudo certbot renew

Force Renewal

• • This can eat into your allotment so only do as needed
    • This needed to happen once due to a Lets Encrypt bug

sudo certbot --force-renewal

• You still need to pick the domains and then choose to redirect https is you want.
  • Normally we do want the forced redirect to https.