Get started
Obtain a certificate with Certbot
After installing Certbot you can obtain a certificate from Buypass CA, the following examples were generated using EFF’s Certbot from their official website
Certbot requires root-privileges in order to perform its operations. The Certbot will auto-install dependencies the first time performing an command using the “certbot-auto”binary. After Certbot has finished installing its dependencies you will be prompted for input. Registration is also automatically performed prior obtaining a certificate from the Buypass AS ACME service.
Register to CA
root@acme:~# certbot register -m 'YOUR_EMAIL' --agree-tos --server 'https://api.buypass.com/acme/directory'
| Parameter | Explanation |
| register | Specify task |
| -m “email” | Email to be used for nofitication purposes, eg. expiring certificates. |
| –agree-tos | Automatically agree to the Terms of Service |
| –server ‘URL’ | Use the specified ACME server to obtain certificates |
Obtain certificate
To order a certifcate from Buypass you can perform the following command, replace example.com with your domain name.
root@acme:~# certbot certonly --webroot -w /var/www/example.com/public_html/ -d example.com -d www.example.com --server 'https://api.buypass.com/acme/directory'
| Parameter | Explanation |
| certonly | Specify task |
| –webroot | Obtains a certificate by writing to the webroot directory of an already running webserver. |
| -w | Specify the web-root containing the files served by the webserver. |
| -d ‘FQDN’ | Fully Qualified Domain Name to obtain certificate for, which is accessible on port 80 and 443. |
| –server ‘URL’ | Use the specified ACME server to obtain certificates |
Managing Certificates with Certbot
Revoke Certificate
Revoke a previously obtained certificate by performing the following command.
root@acme:~# certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem --server 'https://api.buypass.com/acme/directory'
| Parameter | Explanation |
| revoke | Start the task of revoking an existing certificate |
| –server “URL” | Use the specified ACME server to obtain certificates |
| –cert-path “PATH” | Specify the path of the desired certificate to remove |
Renew Certificate\
Manual renewal of certificates can be achieved through the following command. To automate the renewal process this can be scheduled using cron.
root@acme:~# certbot renew
| Parameter | Explanation |
| renew | Check and renew expiring certificates |
| -n | Run without user interaction |
| -q | Quiet output, reduced logging to screen |
Automated renewal is scheduled in cron by invoking the following command to edit the cron tasks for the root user
sudo crontab -e
Then add the following lines to the file.
#Cron-job scheduled under root to run every 12th hour at a specified minute (eg. 23, change this to your preference) 23 */12 * * * /opt/certbot/certbot-auto renew -n -q >> /var/log/certbot-auto-renewal.log
Delete Certificate
Invoke the following command to delete a certificate. This will give you a list of available certificates which you can choose a certificate from to completely delete.
root@acme:~# certbot delete
| Paramater | Explanation |
| delete | Start the task of deleting previously obtained certificates |
-
How can I set up a Common Name for my certificate? It's odd it's empty.
-
Hi John S. ,
the use of CN is deprecated according to Baseline Requirements. Please check https://community.buypass.com/t/h4dw8h and https://community.buypass.com/t/x1j8vt/create-a-certificate-with-subject for more details.
Regards,
Andriy
-
