Server
Certbot
What is Certbot?
Certbot is a free, open-source software tool that automatically obtains and installs Let's Encrypt certificates on manually administered websites to enable HTTPS. It simplifies the process of obtaining, installing, and renewing certificates.
Installation
Ubuntu
> sudo apt update
> sudo apt install certbot python3-certbot-nginx
Windows Server
- Install miniconda and activate an environment.
- Install Certbot using pip:
> pip install certbot
- Request a certificate with the manual DNS challenge:
> certbot certonly --manual --preferred-challenges dns --agree-tos --email your_email@example.com -d yourdomain.com
Retrieve a Domain Certificate
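HTTP-01 Challenge (Requires a Web Server)
If your domain's DNS points to your server, you can retrieve certificates using Certbot's --standalone mode. Standalone mode starts its own temporary web server on port 80, so that port must be reachable from the internet and not already in use by another service: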
> sudo certbot certonly --standalone -d yourdomain.com
DNS-01 Challenge (No Web Server Required)
If you can't use the HTTP challenge or your server isn't directly accessible over HTTP, use the DNS challenge. This requires adding a TXT record to your DNS settings.
Obtain the certificate using DNS:
> sudo certbot certonly --manual --preferred-challenges \
dns -d yourdomain.com
Certbot saves certificates in /etc/letsencrypt/live/yourdomain.com/
Automate Renewal
> sudo crontab -e
Add the following line to the cron file:
0 0 * * * certbot renew --quiet
Re-Issue Certificate
A certificate issued with the manual DNS authenticator cannot be renewed unattended unless an authentication hook is configured. If the renewal configuration still uses the manual DNS authenticator and the server runs nginx, the nginx plugin is the more appropriate choice. Re-issuing with it creates a fresh certificate and updates the renewal configuration file to use the nginx plugin going forward, which makes automatic renewals work properly.
> sudo certbot --nginx -d <domain_name>
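An added example, not part of the original page or of Certbot itself: a shell audit covering the Automate Renewal and Re-Issue Certificate sections. It reads each renewal configuration file and flags certificates still set to the manual authenticator without an auth hook, which the cron job cannot renew unattended. It assumes Certbot's default /etc/letsencrypt/renewal/ layout; the function names and the sample configs are constructed for illustration.

```shell
# Added example: flag Certbot renewal configs that cron cannot renew unattended.
# Assumption: configs live in /etc/letsencrypt/renewal/*.conf and record the
# plugin as "authenticator = <name>" under the [renewalparams] section.

# Print the value of KEY ($2) from the [renewalparams] section of FILE ($1).
renewal_param() {
    awk -F' *= *' -v key="$2" '
        /^\[/ { in_params = ($0 == "[renewalparams]"); next }
        in_params && $1 == key { print $2; exit }
    ' "$1"
}

# Classify one config: prints "ok <authenticator>", or prints "manual-no-hook"
# and returns 1 when "certbot renew --quiet" would need a human to add the TXT record.
check_renewal_conf() {
    auth=$(renewal_param "$1" authenticator)
    hook=$(renewal_param "$1" manual_auth_hook)
    if [ "$auth" = "manual" ] && [ -z "$hook" ]; then
        echo "manual-no-hook"
        return 1
    fi
    echo "ok ${auth:-unknown}"
}

# Audit every config in a directory; returns 1 if any certificate is flagged.
audit_renewal_dir() {
    dir=${1:-/etc/letsencrypt/renewal}
    failed=0
    for conf in "$dir"/*.conf; do
        [ -e "$conf" ] || continue
        result=$(check_renewal_conf "$conf") || failed=1
        printf '%s: %s\n' "$(basename "$conf" .conf)" "$result"
    done
    return "$failed"
}

# Constructed sample configs (not from a real host) to exercise the audit.
demo=$(mktemp -d)
printf '%s\n' 'cert = /etc/letsencrypt/live/yourdomain.com/cert.pem' \
    '[renewalparams]' 'authenticator = manual' 'pref_challs = dns-01,' \
    > "$demo/yourdomain.com.conf"
printf '%s\n' '[renewalparams]' 'authenticator = nginx' 'installer = nginx' \
    > "$demo/www.yourdomain.com.conf"
audit_renewal_dir "$demo" || echo "re-issue flagged certificates with a non-manual plugin"
rm -rf "$demo"
```

On a real host, run `sudo sh -c '. ./audit.sh; audit_renewal_dir'` (file name hypothetical) so the function can read the root-owned renewal directory.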
Generate Diffie-Hellman Parameters
Generate the dhparam.pem file:
> sudo openssl dhparam -out /etc/ssl/dhparam.pem 2048