Certbot is a free and open-source tool supported by the Electronic Frontier Foundation (EFF) for automating the acquisition and renewal of SSL/TLS certificates on web servers. It can be integrated with common web server software such as Apache and Nginx, and obtain free SSL/TLS certificates through the Let's Encrypt service. These certificates can be used to protect the communication of websites and applications, ensuring that data is encrypted and secure during transmission. Certbot simplifies the certificate management process, making it easier for website administrators to implement HTTPS and improve website security.
Certbot provides a series of commonly used commands for managing SSL/TLS certificates and interacting with the Let's Encrypt service. Here are some common Certbot commands and their functions:
Obtain a certificate:
certbot certonly: Manually obtain a certificate without installation.
certbot --apache: Automatically configure the Apache server and obtain a certificate.
certbot --nginx: Automatically configure the Nginx server and obtain a certificate.

Install a certificate:
certbot install: Manually install a certificate on the web server.

Renew a certificate:
certbot renew: Automatically renew a certificate, usually used in conjunction with a cron job to ensure timely updates of certificates.

Manage certificates:
certbot delete: Delete a specified certificate.
certbot certificates: List information about currently installed certificates.

View help and documentation:
certbot --help: View help information for Certbot.
certbot --version: View version information for Certbot.
These commands provide basic certificate management functionality, and parameters and options can be further adjusted according to specific needs. Certbot also provides extensive documentation and examples to help users understand more features and usage methods.
The commands I commonly use are for obtaining, viewing, and deleting:
Obtain a certificate:
sudo certbot certonly --nginx --agree-tos --no-eff-email --staple-ocsp --preferred-challenges http -m [email protected] -d your.domain.name
You can pass -d multiple times, each followed by a domain name. Remember to replace the email and domain name in the command. Certbot will automatically renew the obtained certificates. This command only obtains the certificates and downloads them to the system; it does not generate nginx configuration files.
List currently obtained certificates:
certbot certificates
This command will display information about the validity period, path, etc. of the currently obtained certificates.
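The validity information printed by certbot certificates can be checked automatically. The following is an added example, not part of the original post: a shell function that parses that output and reports certificates that are invalid or have fewer than a given number of days left. The function names, the 30-day threshold and the sample output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): report certificates that are
# invalid or close to expiry by parsing `certbot certificates` output.

# Usage on a real host: sudo certbot certificates 2>/dev/null | expiring_certs 30
# Prints "<name><TAB><status>" for each certificate with fewer than $1 days left.
expiring_certs() {
  awk -v limit="$1" '
    /Certificate Name:/ { name = $NF }
    /Expiry Date:/ {
      # Status is the parenthesised suffix, e.g. "(VALID: 59 days)".
      status = substr($0, index($0, "(") + 1)
      sub(/\)[ \t\r]*$/, "", status)
      split(status, f, " ")
      # "hour(s)" means under one day left. A line that cannot be parsed
      # yields days = 0 and is flagged, so the check fails closed.
      days = (status ~ /hour/) ? 0 : f[2] + 0
      # INVALID covers EXPIRED, REVOKED and TEST_CERT.
      if (status ~ /^INVALID/ || days < limit)
        printf "%s\t%s\n", name, status
    }'
}

# Constructed sample in the layout certbot prints (names and dates are made up).
sample_output() {
  cat <<'EOF'
Found the following certs:
  Certificate Name: www.example.test
    Key Type: ECDSA
    Domains: www.example.test
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/www.example.test/fullchain.pem
  Certificate Name: api.example.test
    Key Type: RSA
    Domains: api.example.test
    Expiry Date: 2030-01-13 10:00:00+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/api.example.test/fullchain.pem
  Certificate Name: old.example.test
    Key Type: RSA
    Domains: old.example.test
    Expiry Date: 2029-11-02 10:00:00+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/old.example.test/fullchain.pem
EOF
}

# Demonstration on the constructed sample.
sample_output | expiring_certs 30
```

A flagged certificate inside the renewal window usually means the scheduled certbot renew job is not running or is failing.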
Delete a certificate:
certbot delete
This command helps you select and delete certificates through an interactive dialogue. After entering the command, the existing certificates will be displayed with corresponding numbers. Enter the number corresponding to the certificate you want to delete.
Reprinted from: Certbot Application, Viewing, and Deleting SSL Certificates