How to Use the Command 'certbot' (with Examples)

Certbot is a powerful and flexible tool used to obtain and renew TLS certificates automatically through Let’s Encrypt, a certificate authority that issues free TLS certificates. By securing your web applications with HTTPS, you improve data privacy and integrity for users. Certbot simplifies the otherwise complicated process of certificate generation and management, making it accessible even for those with limited technical expertise.

Use Case 1: Obtain a New Certificate via Webroot Authorization without Automatic Installation

Code:

sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com

Motivation:

This method is essential when you want precise control over the certificate installation process. Using webroot authorization is particularly useful for websites hosted on resources or platforms without native Certbot installer support. It allows you to create certificates without directly modifying existing web server configurations.

Explanation:

  • sudo: Runs the command as root, which Certbot needs in order to write keys and certificates under /etc/letsencrypt.
  • certbot: Initiates the Certbot tool.
  • certonly: Tells Certbot to obtain a certificate without attempting to install it, suiting scenarios where installation needs to be done manually.
  • --webroot: Uses the webroot plugin to verify domain ownership by placing challenge files in the .well-known/acme-challenge directory within the specified path, where the running web server serves them.
  • --webroot-path path/to/webroot: Specifies the webroot directory of the domain to use during validation.
  • --domain subdomain.example.com: Indicates the domain for which the certificate is being requested.

Example Output:

Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/subdomain.example.com/fullchain.pem
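
Because certonly leaves installation to you, it helps to check the issued files before pointing a server configuration at them. The script below is an added example, not part of the original page or of Certbot: it verifies that the four files Certbot keeps under live/<name>/ resolve and that the private key is not accessible to group or other. The helper name check_lineage is hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check a Certbot lineage directory before manual install.
# check_lineage is a hypothetical helper name, not a Certbot command.
# Usage: sh check_lineage.sh /etc/letsencrypt/live/subdomain.example.com

check_lineage() {
    dir=$1
    rc=0
    # Certbot keeps these four names in every live/<name>/ directory,
    # normally as symlinks into ../../archive/<name>/.
    for name in cert.pem chain.pem fullchain.pem privkey.pem; do
        f="$dir/$name"
        # -s follows symlinks: it fails on a dangling link or an empty file.
        if [ ! -s "$f" ]; then
            echo "MISSING  $f"
            rc=1
        fi
    done
    key="$dir/privkey.pem"
    if [ -s "$key" ]; then
        # ls -L reports the mode of the symlink target; characters 5-10 of
        # the mode string are the group and other permission bits.
        bits=$(ls -ldL "$key" | cut -c5-10)
        if [ "$bits" != "------" ]; then
            echo "EXPOSED  $key (group/other bits: $bits)"
            rc=1
        fi
    fi
    [ "$rc" -eq 0 ] && echo "OK       $dir"
    return "$rc"
}

# Run the check only when a lineage directory is given on the command line.
[ "$#" -eq 0 ] || check_lineage "$1"
```

A non-zero exit status means at least one file is missing or the key is readable beyond its owner, which is worth fixing before the certificate goes into service.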

Use Case 2: Obtain a New Certificate via Nginx Authorization and Install Automatically

Code:

sudo certbot --nginx --domain subdomain.example.com

Motivation:

This approach is suitable for users hosting their sites on Nginx web servers. With the nginx plugin, Certbot obtains the certificate and then edits the Nginx configuration to use it, so both obtaining and installing are handled in one step.

Explanation:

  • sudo: Runs the command with necessary permissions.
  • certbot: Starts Certbot to begin the certification process.
  • --nginx: Utilizes the nginx plugin to automatically authenticate the domain and configure Nginx for SSL.
  • --domain subdomain.example.com: Specifies the domain for which the certificate is desired.

Example Output:

Congratulations! You have successfully enabled https://subdomain.example.com
Your cert will expire on YYYY-MM-DD. To obtain a new or tweaked version of this certificate in the future, simply run certbot again.

Use Case 3: Obtain a New Certificate via Apache Authorization and Install Automatically

Code:

sudo certbot --apache --domain subdomain.example.com

Motivation:

This is advantageous for Apache users. Certbot simplifies certificate management by using the apache plugin to configure the server, eliminating the manual steps of enabling SSL and handling certificates directly.

Explanation:

  • sudo: Executes the command with administrative rights.
  • certbot: Initiates the process with Certbot’s command-line interface.
  • --apache: Automatically manipulates the Apache configuration to deploy SSL.
  • --domain subdomain.example.com: Indicates the specific domain to secure.

Example Output:

Congratulations! Your certificate and chain have been saved at: /etc/letsencrypt/live/subdomain.example.com/fullchain.pem
Your cert will expire on YYYY-MM-DD. To renew, run 'certbot renew'

Use Case 4: Renew All Let’s Encrypt Certificates Expiring in 30 Days or Less

Code:

sudo certbot renew

Motivation:

Regular renewals are crucial for maintaining a website’s secure status. Certbot automatically checks and updates certificates to prevent expiration-related disruptions, ensuring continuous encryption coverage.

Explanation:

  • sudo: Necessary for administrative command execution.
  • certbot: Used to control certificate renewal processes.
  • renew: Instructs Certbot to renew all installed certificates that are due for expiration within 30 days.

Example Output:

Congratulations, all renewals succeeded. The following certs have been renewed:
  /etc/letsencrypt/live/subdomain.example.com/fullchain.pem (success)

Use Case 5: Simulate the Obtaining of a New Certificate Without Saving

Code:

sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com --dry-run

Motivation:

A dry run is valuable for testing the certificate retrieval process. It is especially useful after changes to the server configuration, to confirm that the real request will succeed.

Explanation:

  • sudo: Executes with elevated permissions.
  • certbot: Launches the Certbot process.
  • certonly: Obtains a certificate without installing it. --dry-run works only with the certonly and renew subcommands, and the webroot plugin has no installer, so the subcommand must be given.
  • --webroot: Specifies webroot validation.
  • --webroot-path path/to/webroot: Directory used for validation purposes.
  • --domain subdomain.example.com: Domain for simulated certification.
  • --dry-run: Performs a test run against the staging server, obtaining test certificates without saving them to disk.

Example Output:

The dry run was successful.

Use Case 6: Obtain an Untrusted Test Certificate

Code:

sudo certbot certonly --webroot --webroot-path path/to/webroot --domain subdomain.example.com --test-cert

Motivation:

Test certificates are beneficial in development environments where real certificates aren’t necessary. Using test certificates avoids consuming the rate limits that Let’s Encrypt imposes on real certificates.

Explanation:

  • sudo: Runs with necessary administrative privileges.
  • certbot: Manages the certificate process.
  • certonly: Obtains the certificate without installing it; the webroot plugin has no installer, so the subcommand must be given.
  • --webroot: Employs the webroot plugin for domain validation.
  • --webroot-path path/to/webroot: Path for challenge files for validation.
  • --domain subdomain.example.com: The domain to be certified.
  • --test-cert: Requests an untrusted certificate from the staging environment.

Example Output:

Obtaining a new certificate for subdomain.example.com from Let's Encrypt staging server
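
A lineage issued with --test-cert keeps renewing from the staging environment, so a test certificate left on a production host stays untrusted by browsers. The script below is an added example, not part of the original page or of Certbot: it lists lineages whose renewal configuration points at the Let’s Encrypt staging server. It assumes Certbot's usual renewal configuration directory /etc/letsencrypt/renewal, and the helper name find_staging_lineages is hypothetical.

```shell
#!/bin/sh
# Added example: list Certbot lineages whose renewal config points at the
# Let's Encrypt staging server. find_staging_lineages is a hypothetical
# helper name; the default directory is Certbot's usual renewal config path.
# Usage: sh find_staging.sh /etc/letsencrypt/renewal

STAGING_HOST="acme-staging-v02.api.letsencrypt.org"

# Prints one lineage name per line. Returns 0 if any staging lineage was
# found and 1 if none was, in the manner of grep.
find_staging_lineages() {
    renewal_dir=${1:-/etc/letsencrypt/renewal}
    found=1
    for conf in "$renewal_dir"/*.conf; do
        [ -f "$conf" ] || continue
        # The "server = <ACME directory URL>" line under [renewalparams]
        # records which CA endpoint issued the lineage and will renew it.
        server=$(awk -F' *= *' '
            /^\[renewalparams\]/ { in_params = 1; next }
            /^\[/                { in_params = 0 }
            in_params && $1 == "server" { print $2; exit }
        ' "$conf")
        case $server in
            *"$STAGING_HOST"*)
                # The lineage name is the config file name without ".conf".
                basename "$conf" .conf
                found=0
                ;;
        esac
    done
    return "$found"
}

# Run the audit only when a renewal directory is given on the command line.
[ "$#" -eq 0 ] || find_staging_lineages "$1"
```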

Conclusion:

Certbot is a versatile tool that suits various server environments and user needs. By leveraging its diverse capabilities, users can secure their websites efficiently, focusing on aspects like easy installation, automatic renewals, and testing. Understanding the different use cases helps administrators manage their TLS certificates and adapt to the server or business requirements they encounter.
