Certbot basic usage

Certbot can be installed through your package manager, by downloading its git repository, or with pip.


Register an account

This is done interactively if you request a certificate from a CA without being registered.

root@acme:~# certbot register -m 'YOUR_EMAIL' --agree-tos --server 'https://api.buypass.com/acme/directory/'


Obtain a certificate using a webroot and HTTP-01 challenge

This requires an active root directory for the domain you are requesting the certificate for.

root@acme:~# certbot certonly --webroot -w /var/www/example.com/public_html/ -d example.buypass.com -d www.example.buypass.com --server 'https://api.buypass.com/acme/directory'


Obtain a certificate using Apache / Nginx / Standalone and HTTP-01 challenge

This method hooks into the currently running Apache / Nginx installation and manages the process on your behalf. Standalone requires ports 80 and 443 to be available and is used if you don't have a web server running.

root@acme:~# certbot certonly --nginx -d example.buypass.com -d www.example.buypass.com --server 'https://api.buypass.com/acme/directory/'


Obtain a certificate using DNS-01 challenge

There are multiple methods of obtaining a certificate via DNS-01 challenges. The following method uses the DNS-01 challenge, but requires manual DNS configuration. The DNS record which has to be created is, in this example, a TXT record for "_acme-challenge.example.buypass.com", with its value set to the challenge value you received.

root@acme:~# certbot certonly --manual --preferred-challenges dns -d example.buypass.com --server "https://api.buypass.com/acme/directory"

Automation of the DNS challenge is pre-made for certain DNS providers: Certbot provides a set of plugins which automate the creation / update of the challenge records. See https://certbot.eff.org/docs/using.html?highlight=dns#dns-plugins

The following example utilises the DigitalOcean plugin, which is documented at https://certbot-dns-digitalocean.readthedocs.io/en/stable/.

root@acme:~# certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d example.buypass.com --server "https://api.buypass.com/acme/directory"
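
The file passed to --dns-digitalocean-credentials holds an API token that the plugin uses to create and update DNS records, so it should be readable only by the user running certbot. The pre-flight check below is an added example, not part of the original article or of Certbot; the function name check_dns_credentials is hypothetical, and dns_digitalocean_token is the key name used in the plugin's documentation.

```shell
#!/bin/sh
# Added example: pre-flight check for a certbot DNS plugin credentials file.
# check_dns_credentials is a hypothetical helper name, not part of certbot.
# Return codes: 0 ok, 1 not a regular file, 2 wrong owner,
#               3 accessible by group or others, 4 token key missing.
check_dns_credentials() {
    creds=$1

    # Reject symlinks and anything that is not a regular file.
    if [ -L "$creds" ] || [ ! -f "$creds" ]; then
        echo "not a regular file: $creds" >&2
        return 1
    fi

    # ls -n prints the numeric owner, so this works without a passwd entry.
    meta=$(ls -ldn -- "$creds" | awk '{print $1 " " $3}')
    mode=${meta%% *}
    owner=${meta##* }

    if [ "$owner" != "$(id -u)" ]; then
        echo "owned by uid $owner, not by the user running certbot" >&2
        return 2
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s\n' "$mode" | cut -c5-10)" != "------" ]; then
        echo "too permissive ($mode), fix with: chmod 600 $creds" >&2
        return 3
    fi

    # The DigitalOcean plugin reads its API token from this key.
    if ! grep -Eq '^[[:space:]]*dns_digitalocean_token[[:space:]]*=[[:space:]]*[^[:space:]]' "$creds"; then
        echo "dns_digitalocean_token is not set in $creds" >&2
        return 4
    fi
    return 0
}

# Stand-alone use: sh check.sh ~/.secrets/certbot/digitalocean.ini
[ "$#" -eq 0 ] || check_dns_credentials "$1"
```

Run it against the credentials file before the certbot command above; a non-zero exit code identifies which check failed.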


Certificate location

The currently active certificate should be located at /etc/letsencrypt/live/[FQDN]/ when either nginx, DNS-challenge or standalone is used. If a webroot was specified, that is where the certificate will be stored, e.g. /var/www/[FQDN]/.

Buypass Official Community

This is the official community of Buypass, a Root CA located in Norway.