Table of Contents

Certbot

Registration to Let's Encrypt ACME

# certbot register -n --agree-tos --no-eff-email -m "letsencrypt@initipi.sk"
 
- staging
 
# certbot register --staging -n --agree-tos --no-eff-email -m "letsencrypt@initipi.sk"

Generate SSL certificate

# certbot certonly -n -a webroot --webroot-path /opt/certbot/www -d domena.tld -d www.domena.tld
 
- staging
 
# certbot certonly --staging -n -a webroot --webroot-path /opt/certbot/www -d domena.tld -d www.domena.tld

Automatic renewing certificates

  • create /etc/cron.d/certbot-renew-certs:
25 5,17 * * * root certbot renew -n >> /var/log/certbot.log 2>&1

Manual renewing certificates

# certbot certonly --force-renewal -a webroot --webroot-path /opt/certbot/www --cert-name www.domain.tld

Automatic restart web server

  • create /etc/letsencrypt/renewal-hooks/deploy/99_restart-httpd.sh
if [ -n "$RENEWED_DOMAINS" ]; then
    nginx -t >/dev/null && /etc/init.d/nginx restart >/dev/null
fi

Revoke certificate

# certbot revoke --cert-path /etc/letsencrypt/live/domena.tld/cert.pem
 
- staging
 
# certbot revoke --staging --cert-path /etc/letsencrypt/live/domena.tld/cert.pem

Delete certificate

Delete all relevant certificates and keys 

# certbot delete --cert-name domena.tld

Unregister from Let's Encrypt ACME

# certbot unregister --account [ACCOUNT_ID]

Trace: freebsd_file_as_disk freebsd_networking freebsd_system_binary_upgrade freebsd_postfix_installation syntax etckeeper certbot

Print/export
QR Code
QR Code software:certbot (generated for current page)