Installation
Install Certbot
For most Linux distributions:
sudo apt install certbot -y # For Debian/Ubuntu
sudo yum install certbot -y # For CentOS/RHEL
For macOS with Homebrew:
brew install certbot
Install Certbot with Webserver Plugins
To integrate Certbot with your web server (like Apache or NGINX):
sudo apt install python3-certbot-apache -y # For Apache
sudo apt install python3-certbot-nginx -y # For NGINX
Basic Commands
Obtain and Install a Certificate
For Apache:
sudo certbot --apache
For NGINX:
sudo certbot --nginx
Obtain a Certificate (Without Installing)
sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com
Renewal
Check Renewal Status (Dry Run)
sudo certbot renew --dry-run
Renew All Certificates
sudo certbot renew
Revoke a Certificate
sudo certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem
List All Certificates
sudo certbot certificates
Delete a Certificate
sudo certbot delete --cert-name example.com
Testing HTTP-to-HTTPS Redirection
Certbot can test and configure automatic redirection:
sudo certbot --nginx --redirect
Manually Specify Webroot
If Certbot cannot find your web server configuration:
sudo certbot certonly --webroot -w /path/to/your/webroot -d example.com -d www.example.com
Standalone Mode (No Web Server Running)
Use Certbot’s standalone mode if no web server is running:
sudo certbot certonly --standalone -d example.com -d www.example.com
Force Certificate Renewal
sudo certbot renew --force-renewal
Automatic Renewal
Set up a cron job to automate renewal:
sudo crontab -e
Add the following line:
0 0 * * * /usr/bin/certbot renew --quiet
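Because the cron entry above runs with --quiet, a renewal that keeps failing is easy to miss. The following is an added example, not part of Certbot or the original cheat sheet: a shell function that reads the output of `certbot certificates` and flags certificates close to expiry. The function names, the sample output and the 30-day threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not Certbot's own code): flag certificates close to expiry.
# Assumes the "Certificate Name:" / "Expiry Date: ... (VALID: N days)" layout
# printed by `certbot certificates`; adjust the patterns if your version differs.
# Real use:  sudo certbot certificates | expiring_certs 30

# expiring_certs THRESHOLD_DAYS
# Reads `certbot certificates` output on stdin and prints "<name> <days-left>"
# for each certificate below the threshold, or "<name> ATTENTION" when the
# status is not a whole-day VALID count (expired, revoked, under a day left).
expiring_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            if (match($0, /\(VALID: [0-9]+ day/)) {
                s = substr($0, RSTART, RLENGTH)
                gsub(/[^0-9]/, "", s)          # keep only the day count
                if (s + 0 < limit + 0) print name, s
            } else {
                print name, "ATTENTION"
            }
        }
    '
}

# Constructed sample of `certbot certificates` output, so the example runs offline.
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2030-05-20 10:00:00+00:00 (VALID: 80 days)
    Certificate Path: /etc/letsencrypt/live/api.example.com/fullchain.pem
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.com/fullchain.pem
EOF
}

# Demo run on the constructed sample: lists example.com and old.example.com.
sample_output | expiring_certs 30
```

Any line this prints means a certificate needs a look; the Certbot log listed under Certbot Logs is the next place to check.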
Certbot Logs
Check logs for troubleshooting:
sudo less /var/log/letsencrypt/letsencrypt.log
Example Configuration for NGINX
Modify your NGINX configuration to use the certificate:
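# HTTP: serve ACME challenge files, redirect everything else to HTTPS
server {
    listen 80;
    server_name example.com www.example.com;

    # Must stay reachable over plain HTTP for webroot validation and renewal
    location /.well-known/acme-challenge/ {
        root /var/www/html;
    }

    location / {
        return 301 https://$host$request_uri;
    }
}

# HTTPS: serve the site with the Certbot-issued certificate
server {
    listen 443 ssl;
    server_name example.com www.example.com;

    # fullchain.pem = certificate plus intermediates; privkey.pem = private key
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    location / {
        root /var/www/html;
        index index.html index.htm;
    }
}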
Reload NGINX after changes:
sudo systemctl reload nginx