Using Certbot Command (with examples)
- Linux
- November 5, 2023
Introduction
The certbot command is a powerful tool that allows you to obtain and manage TLS certificates from Let’s Encrypt. In this article, we will explore different use cases of the certbot command and provide code examples to illustrate each scenario.
Use Case 1: Obtain a new certificate via webroot authorization
sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com
Motivation:
This example is useful when you want to obtain a new TLS certificate for a specific subdomain using the webroot method. The certificate will be obtained but not automatically installed.
Explanation:
- The certonly subcommand obtains the certificate without installing it.
- The --webroot option specifies that the webroot method will be used for domain authorization.
- The --webroot-path option specifies the path to the webroot directory under which the challenge file will be placed.
- The --domain option specifies the subdomain for which the certificate should be obtained.
Example Output:
The command will obtain a new certificate for the specified subdomain using the webroot method. The certificate files will be saved on disk, but not automatically installed.
Use Case 2: Obtain a new certificate via nginx authorization
sudo certbot --nginx --domain subdomain.example.com
Motivation:
This example is useful when you want to obtain a new TLS certificate for a specific subdomain using the nginx method. The obtained certificate will be automatically installed in the nginx web server configuration.
Explanation:
- The --nginx option specifies that the nginx method will be used for domain authorization.
- The --domain option specifies the subdomain for which the certificate should be obtained.
Example Output:
The command will obtain a new certificate for the specified subdomain using the nginx method. The certificate will be automatically installed in the nginx web server configuration.
Use Case 3: Obtain a new certificate via apache authorization
sudo certbot --apache --domain subdomain.example.com
Motivation:
This example is useful when you want to obtain a new TLS certificate for a specific subdomain using the apache method. The obtained certificate will be automatically installed in the Apache web server configuration.
Explanation:
- The --apache option specifies that the apache method will be used for domain authorization.
- The --domain option specifies the subdomain for which the certificate should be obtained.
Example Output:
The command will obtain a new certificate for the specified subdomain using the apache method. The certificate will be automatically installed in the Apache web server configuration.
Use Case 4: Renew all Let’s Encrypt certificates expiring in 30 days or less
sudo certbot renew
Motivation:
This example is useful when you want to automatically renew all Let’s Encrypt certificates that are expiring in 30 days or less. It is recommended to periodically run this command to ensure the continuous validity of the certificates.
Explanation:
Running certbot renew will automatically renew all Let’s Encrypt certificates on the system that are expiring in 30 days or less. Note that you may need to restart any servers that use the renewed certificates for the changes to take effect.
Example Output:
The command will check for all Let’s Encrypt certificates that are expiring in 30 days or less and renew them if necessary. It will display the output indicating the status of the renewal process for each certificate.
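The restart step noted above can be attached to renewal as a deploy hook. The following shell script is an added example, not part of the original article: it checks the renewed files before reloading the server. RELOAD_CMD and its nginx default are assumptions; RENEWED_LINEAGE and RENEWED_DOMAINS are the variables Certbot sets for deploy hooks.

```shell
#!/bin/sh
# Added example: a deploy hook for `certbot renew`. Certbot runs deploy hooks
# once per renewed certificate with RENEWED_LINEAGE (its live/<name> directory)
# and RENEWED_DOMAINS set. RELOAD_CMD is an assumption: set it to whatever
# reloads the server that uses the certificate.
RELOAD_CMD="${RELOAD_CMD:-systemctl reload nginx}"

# Succeeds only if the lineage has a non-empty chain and a non-empty private
# key that group and others cannot access.
check_lineage() {
    key="$1/privkey.pem"
    chain="$1/fullchain.pem"
    if [ ! -s "$key" ] || [ ! -s "$chain" ]; then
        echo "hook: key or chain missing/empty in $1" >&2
        return 2
    fi
    # ls -L follows the symlinks certbot keeps in live/; columns 5-10 of the
    # mode string are the group and other permission bits.
    mode=$(ls -lLd "$key" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "hook: $key is accessible to group/other ($mode)" >&2
        return 3
    fi
}

# Reload the server only after the renewed files pass the checks, so it is
# never reloaded onto an empty chain or a key with unsafe permissions.
deploy_renewed() {
    check_lineage "$1" || return $?
    echo "hook: reloading for ${RENEWED_DOMAINS:-unknown domains}"
    $RELOAD_CMD
}

# Certbot sets RENEWED_LINEAGE; without it (e.g. when sourced) do nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    deploy_renewed "$RENEWED_LINEAGE"
fi
```

Pass the script to certbot renew with --deploy-hook, or place it in /etc/letsencrypt/renewal-hooks/deploy/ so it runs after every successful renewal.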
Use Case 5: Simulate obtaining a new certificate without saving it to disk
sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com --dry-run
Motivation:
This example is useful when you want to simulate the process of obtaining a new TLS certificate without actually saving the certificate files to disk. It helps in verifying that the configuration and authorization process is correct before obtaining a real certificate.
Explanation:
- The --dry-run option enables dry run mode, which simulates the certificate obtaining process without actually making any permanent changes.
- The other options, --webroot, --webroot-path, and --domain, are the same as explained in Use Case 1.
Example Output:
The command will simulate the process of obtaining a new certificate for the specified subdomain using the webroot method. It will display the output indicating the success or failure of the simulation without saving any certificate files.
Use Case 6: Obtain an untrusted test certificate
sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com --test-cert
Motivation:
This example is useful when you want to obtain a test certificate instead of a production-ready certificate. The test certificate is not trusted by default and is mainly used for testing and development purposes.
Explanation:
- The --test-cert option instructs Certbot to obtain an untrusted test certificate instead of a production certificate.
- The other options, --webroot, --webroot-path, and --domain, are the same as explained in Use Case 1.
Example Output:
The command will obtain an untrusted test certificate for the specified subdomain using the webroot method. The certificate files will be saved on disk, but should not be used in a production environment.
Conclusion
In this article, we explored different use cases of the certbot command and provided code examples for each scenario. We covered obtaining certificates via webroot, nginx, and apache authorization methods, as well as options for renewal, simulation, and obtaining untrusted test certificates. Understanding these different use cases will help you effectively manage your TLS certificates with Let’s Encrypt.