Certbot
certbot is a program that automates renewing SSL certificates from Let's Encrypt. No registration is required, and it is dead-simple to use.
For the basics on what SSL certificates are, and how they work, see Ssl certificates.
Documentation
official docs https://certbot.eff.org/docs/
Locations
config: /etc/letsencrypt/renewal (renewal config)
live (symlinks used in production):
- /etc/letsencrypt/live/{yourdomain}/privkey.pem
- /etc/letsencrypt/live/{yourdomain}/fullchain.pem
- /etc/letsencrypt/live/{yourdomain}/chain.pem
- /etc/letsencrypt/live/{yourdomain}/cert.pem
real: /etc/letsencrypt/archive/{yourdomain}/{type}{num}.pem (real certificate files, source of symlinks; 1-indexed)
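The live/archive layout listed above can be audited with a short shell function. This is an added example, not part of the original notes or of certbot itself; the function name `check_lineage` and its optional root-directory argument are hypothetical, and it assumes the four live links of a domain normally point at the same {num}.

```bash
# check_lineage DOMAIN [LE_ROOT]
# Verifies that the four live/ symlinks for DOMAIN resolve into
# archive/DOMAIN/{type}{num}.pem and all share the same {num}.
# LE_ROOT (hypothetical parameter) defaults to /etc/letsencrypt.
# Prints one line per file; returns 0 if healthy, 1 otherwise.
check_lineage() {
    local domain="$1" root="${2:-/etc/letsencrypt}"
    local live="$root/live/$domain" status=0 first_num=""
    local kind link target base num
    for kind in cert chain fullchain privkey; do
        link="$live/$kind.pem"
        # A regular file here means the PEM was copied over the link,
        # so renewed files in archive/ would never reach production.
        if [ ! -L "$link" ]; then
            echo "FAIL $kind: $link is missing or not a symlink"
            status=1; continue
        fi
        target=$(readlink -f "$link" 2>/dev/null) || target=""
        if [ -z "$target" ] || [ ! -f "$target" ]; then
            echo "FAIL $kind: dangling symlink"
            status=1; continue
        fi
        case $target in
            */archive/"$domain"/*) ;;
            *) echo "FAIL $kind: resolves outside archive/$domain: $target"
               status=1; continue ;;
        esac
        # Strip the {type} prefix; what remains must be the 1-indexed {num}.
        base=$(basename "$target" .pem)
        num=${base#"$kind"}
        case $num in
            ''|*[!0-9]*) echo "FAIL $kind: unexpected file name $base.pem"
                         status=1; continue ;;
        esac
        if [ -z "$first_num" ]; then
            first_num=$num
        elif [ "$num" != "$first_num" ]; then
            echo "FAIL $kind: version $num, other links use $first_num"
            status=1; continue
        fi
        echo "ok   $kind -> $base.pem"
    done
    return "$status"
}
```

Run it as `check_lineage yourdomain` (as a user who can read /etc/letsencrypt); a non-zero return means the web server may be serving a key and certificate that do not belong together, or files that renewals no longer update.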
Install
You'll need to install the certbot package for your webserver.
Ubuntu
sudo apt-get update
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
sudo apt-get install certbot python-certbot-nginx
Usage
general use
certbot certificates  # list server's certbot certificates (in /etc/letsencrypt/)
revoking certificates
Revoking certificates is very important, and is part of your license agreement.
- if you are no longer using a certificate, revoke it
- if you have reason to believe that a certificate is compromised (website attack), revoke it
Even outside of an attack, this helps you continue to provision SSL certs without them interfering with each other.
# if cert was generated on this server
certbot revoke --cert-path /etc/letsencrypt/live/tor1.example.com/cert.pem
# if cert was not generated on this server
certbot revoke --cert-path cert.pem --key-path privkey.pem

Find/Download certificates that have been issued, that you want to revoke: https://crt.sh
Examples
- certbot example: nginx (non-wildcard, using nginx)
- certbot example: standalone (non-wildcard, no webserver)
- certbot example: wildcard certificate (wildcard)