Tag: certbot

  • certbot


    Install certbot

    Certbot commands

    Certbot SSL for Applications

    Install certbot

    wget https://raw.githubusercontent.com/serverok/server-setup/master/install/letsencrypt.sh
    bash letsencrypt.sh

    OR

    cd /usr/bin
    wget https://dl.eff.org/certbot-auto
    chmod a+x /usr/bin/certbot-auto
    mv /usr/bin/certbot-auto /usr/bin/certbot

    Install SSL certificate on Apache

    certbot --authenticator webroot --webroot-path PATH_TO_DOC_ROOT_HERE --installer apache --agree-tos --no-eff-email --email YOUR_EMAIL_HERE -d YOUR-DOMAIN.EXT -d www.YOUR-DOMAIN.EXT

    On Nginx

    certbot --authenticator webroot --webroot-path PATH_TO_DOC_ROOT_HERE --installer nginx --agree-tos --no-eff-email --email YOUR_EMAIL_HERE -d YOUR-DOMAIN.EXT -d www.YOUR-DOMAIN.EXT

    This will stop the web server, generate the SSL certificate, then start the web server.

    Getting SSL without installing

    certbot certonly --authenticator webroot --webroot-path PATH_TO_DOC_ROOT_HERE --agree-tos --email YOUR_EMAIL_HERE -d YOUR-DOMAIN.EXT

    Getting SSL without a web server

    The domain should point to the server IP, and the IP should be public, to generate the SSL certificate. Run the following command.

    certbot certonly --standalone --agree-tos --no-eff-email --email YOUR_EMAIL_HERE -d YOUR-DOMAIN.EXT

    Auto Renew SSL Certificate

    Set the following cronjob to auto-renew SSL

    crontab -e

    Add

    @weekly /usr/bin/certbot renew > /var/log/le-renew.log 2>&1

    List All SSL

    certbot certificates

    Change the Email Associated with the account

    certbot register --update-registration --email YOUR_EMAIL_HERE

    Search for LetsEncrypt SSL status

    https://crt.sh

    LetsEncrypt Renewal file

  • Certbot Remove a Domain Name from SSL Certificate

    On a server, I have an SSL certificate with 2 domains (domainA.com and domainB.com).

    root@Tombe:~# certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Found the following certs:
      Certificate Name: domainA.com
        Domains: domainA.com www.domainA.com domainB.com
        Expiry Date: 2022-08-18 11:06:35+00:00 (VALID: 6 days)
        Certificate Path: /etc/letsencrypt/live/domainA.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/domainA.com/privkey.pem
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    root@Tombe:~# 
    

    domainB.com is no longer pointed to this server, so the SSL auto-renewal failed because certbot can’t verify the domain name domainB.com.

    To fix the problem, run certbot without domainB.com:

    certbot --cert-name domainA.com -d domainA.com -d www.domainA.com
    

    This will remove domainB.com from the domainA.com SSL certificate.

    Example

    root@Tombe:~# certbot --cert-name domainA.com -d domainA.com
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Plugins selected: Authenticator apache, Installer apache
    
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    You are updating certificate domainA.com to include new domain(s):
    (None)
    
    You are also removing previously included domain(s):
    - domainB.com
    
    Did you intend to make this change?
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    (U)pdate cert/(C)ancel: U
    Renewing an existing certificate
    

    See Letsencrypt

  • certbot certificates

    To list all letsencrypt SSL certificates, run

    certbot certificates
    

    Example

    root@ok:~# certbot certificates
    Saving debug log to /var/log/letsencrypt/letsencrypt.log
    Revocation status for /etc/letsencrypt/live/boby.hosthat.com/cert.pem is unknown
    
    -------------------------------------------------------------------------------
    Found the following certs:
      Certificate Name: boby.hosthat.com
        Domains: boby.hosthat.com
        Expiry Date: 2017-06-11 15:10:00+00:00 (INVALID: EXPIRED)
        Certificate Path: /etc/letsencrypt/live/boby.hosthat.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/boby.hosthat.com/privkey.pem
      Certificate Name: img.serverok.in
        Domains: img.serverok.in
        Expiry Date: 2018-05-02 16:06:53+00:00 (VALID: 66 days)
        Certificate Path: /etc/letsencrypt/live/img.serverok.in/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/img.serverok.in/privkey.pem
      Certificate Name: lab.hostonnet.com
        Domains: lab.hostonnet.com
        Expiry Date: 2018-04-25 03:34:37+00:00 (VALID: 59 days)
        Certificate Path: /etc/letsencrypt/live/lab.hostonnet.com/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/lab.hostonnet.com/privkey.pem
      Certificate Name: yboby.cf
        Domains: yboby.cf www.yboby.cf
        Expiry Date: 2018-03-21 19:43:49+00:00 (VALID: 25 days)
        Certificate Path: /etc/letsencrypt/live/yboby.cf/fullchain.pem
        Private Key Path: /etc/letsencrypt/live/yboby.cf/privkey.pem
    -------------------------------------------------------------------------------
    root@ok:~# 
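
    The listing format above can be checked by a script, which catches a failed renewal like the domainA.com case (6 days left) before the certificate expires. The following is an added example, not part of the original posts; the function names, the 30-day default threshold and the example.* sample data are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original page): list certificates that are
# invalid or have fewer than N days left, from `certbot certificates` output.

# Reads `certbot certificates` output on stdin; $1 = threshold in days.
# The default of 30 is this example's assumption.
certs_needing_attention() {
    awk -v max="${1:-30}" '
        /Certificate Name:/ { name = $3 }
        /Domains:/ { sub(/^[ \t]*Domains:[ \t]*/, ""); domains = $0 }
        /Expiry Date:/ {
            if ($0 ~ /INVALID:/) {
                print name "\tINVALID\t" domains
            } else if ($0 ~ /VALID:/) {
                # No day count on the line means under a day left: use 0.
                days = 0
                if (match($0, /VALID: [0-9]+ day/))
                    days = substr($0, RSTART + 7, RLENGTH - 11) + 0
                if (days < max) print name "\t" days "d\t" domains
            }
        }'
}

# Constructed sample in the format shown above (example.* names are made up).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: a.example.com
    Domains: a.example.com www.a.example.com b.example.net
    Expiry Date: 2022-08-18 11:06:35+00:00 (VALID: 6 days)
    Certificate Path: /etc/letsencrypt/live/a.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/a.example.com/privkey.pem
  Certificate Name: old.example.org
    Domains: old.example.org
    Expiry Date: 2017-06-11 15:10:00+00:00 (INVALID: EXPIRED)
  Certificate Name: ok.example.org
    Domains: ok.example.org
    Expiry Date: 2018-05-02 16:06:53+00:00 (VALID: 66 days)
EOF
}

# On a real server: certbot certificates 2>/dev/null | certs_needing_attention 30
sample_output | certs_needing_attention 30
```

    Each output line is tab-separated: certificate name, status (INVALID or days left), and the domains on the certificate, so a domain that no longer points to the server is easy to spot in the list.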
    
