nov 072018
 

Install

Since it doesn’t seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Certbot’s DNS plugins which can be used to automate obtaining a wildcard certificate from Let’s Encrypt’s ACMEv2 server are not available for your OS yet. This should change soon but if you don’t want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.

 

Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates certificate installation.

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you’re feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonlysubcommand:

$ sudo ./path/to/certbot-auto --apache certonly

To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let’s Encrypt certificates last for 90 days, it’s highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run

If that appears to be working correctly, you can arrange for automatic renewal by adding a cron job or systemd timer which runs the following:

./path/to/certbot-auto renew

An example cron job might look like this, which will run at noon and midnight every day:

0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && ./path/to/certbot-auto renew

More detailed information and options about renewal can be found in the full documentation.

How to run the client

In many cases, you can just run certbot-auto or certbot, and the client will guide you through the process of obtaining and installing certs interactively.

For full command line help, you can type:

./certbot-auto --help all

You can also tell it exactly what you want it to do from the command line. For instance, if you want to obtain a cert for example.comwww.example.com, and other.example.net, using the Apache plugin to both obtain and install the certs, you could do this:

./certbot-auto --apache -d example.com -d www.example.com -d other.example.net

(The first time you run the command, it will make an account, and ask for an email and agreement to the Let’s Encrypt Subscriber Agreement; you can automate those with --email and --agree-tos)

If you want to use a webserver that doesn’t have full plugin support yet, you can still use “standalone” or “webroot” plugins to obtain a certificate:

./certbot-auto certonly --standalone --email admin@example.com -d example.com -d www.example.com -d other.example.net

Understanding the client in more depth

To understand what the client is doing in detail, it’s important to understand the way it uses plugins. Please see the explanation of plugins in the User Guide.

Sorry, the comment form is closed at this time.