Certbot basic usage

  • maov
  • maov
  • updated 3 yrs ago

Certbot installation can be done through package management, by downloading their git repository or installing it through PIP.


Register an account

This is done interactively if you request a certificate from a CA without being registered.

root@acme:~# certbot register -m 'YOUR_EMAIL' --agree-tos --server 'https://api.buypass.com/acme/directory/'


Obtain a certificate using a webroot and HTTP-01 challenge

This requires an active root directory for the domain you are requesting the certificate for.

root@acme:~# certbot certonly --webroot -w /var/www/example.com/public_html/ -d example.buypass.com -d www.example.buypass.com --server 'https://api.buypass.com/acme/directory'


Obtain a certificate using Apache / Nginx / Standalone and HTTP-01 challenge

This method hooks into the currently running Apache / Nginx installation and manages the process on your behalf. Standalone requires the ports 80 and 443 to be available and is used if you don't have a webserver running.

root@acme:~# certbot certonly --nginx -d example.buypass.com -d www.example.buypass.com --server 'https://api.buypass.com/acme/directory/'


Obtain a certificate using DNS-01 challenge

There are mutiple methods of obtaining a certificate via DNS-01 challenges. The following method utilises the DNS-01 challenge, but requires manual DNS configuration.  The DNS record which has to be created is, in this example, a TXT record for "_acme-challenge.example.buypass.com", with value set to the challenge value you received.

root@acme:~# certbot certonly --manual --preferred-challenges dns -d example.buypass.com --server "https://api.buypass.com/acme/directory"

Automating the DNS challenge are pre-made for certain DNS providers, because Certbot provides a set of plugins which automates the creation / update of the challenge records. https://certbot.eff.org/docs/using.html?highlight=dns#dns-plugins

The following example utilises the DigitalOcean plugin, which is documented at https://certbot-dns-digitalocean.readthedocs.io/en/stable/.

root@acme:~# certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d example.buypass.com --server "https://api.buypass.com/acme/directory"


Certificate location

The currently active certificate should be located at /etc/letsencrypt/live/[FQDN]/ when either nginx, DNS-challenge or standalone is used. If a webroot was specified, that is where the certificate will be stored, eg. /var/www/[FQDN]/.

Oldest first
  • Oldest first
  • Newest first
  • Active threads
  • Popular

Buypass Official Community

This is the official community of Buypass.  A Root CA located in Norway.

Sign-up using free email domains have been blocked due to increased spam. https://community.forumbee.com/t/63zsyt/blocked-email-domains