Skip to content
Docs
GitHub

Certbot

Certbot can obtain and install HTTPS/TLS/SSL certificates thru LetsEncrypt.

Installation

Section titled “Installation”
sudo apt install certbot

Plugin for nginx

sudo apt install python3-certbot-nginx

Usage

Section titled “Usage”
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...

Flags

Section titled “Flags”
Certbot can obtain and install HTTPS/TLS/SSL certificates.  By default,
it will attempt to use a webserver both for obtaining and installing the
certificate. The most common SUBCOMMANDS and flags are:

obtain, install, and renew certificates:
    (default) run   Obtain & install a certificate in your current webserver
    certonly        Obtain or renew a certificate, but do not install it
    renew           Renew all previously obtained certificates that are near
expiry
    enhance         Add security enhancements to your existing configuration
   -d DOMAINS       Comma-separated list of domains to obtain a certificate for

  (the certbot apache plugin is not installed)
  --standalone      Run a standalone webserver for authentication
  (the certbot nginx plugin is not installed)
  --webroot         Place files in a server's webroot folder for authentication
  --manual          Obtain certificates interactively, or using shell script
hooks

   -n               Run non-interactively
  --test-cert       Obtain a test certificate from a staging server
  --dry-run         Test "renew" or "certonly" without saving any certificates
to disk

manage certificates:
    certificates    Display information about certificates you have from Certbot
    revoke          Revoke a certificate (supply --cert-path or --cert-name)
    delete          Delete a certificate

manage your account:
    register        Create an ACME account
    unregister      Deactivate an ACME account
    update_account  Update an ACME account
  --agree-tos       Agree to the ACME server's Subscriber Agreement
   -m EMAIL         Email address for important account notifications

More detailed help:

  -h, --help [TOPIC]    print this message, or detailed help on a topic;
                        the available TOPICS are:

   all, automation, commands, paths, security, testing, or any of the
   subcommands or plugins (certonly, renew, install, register, nginx,
   apache, standalone, webroot, etc.)
  -h all                print a detailed help page including all topics
  --version             print the version number

Examples

Section titled “Examples”

Requesting certificate (with nginx plugin)

Section titled “Requesting certificate (with nginx plugin)”
$ sudo certbot
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: site1.example.com
2: site2.example.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Certificate via DNS-challenge specific sub-domain

Section titled “Certificate via DNS-challenge specific sub-domain”
sudo certbot certonly -d test.example.com --preferred-challenges=dns --manual

Certificate via DNS-challenge wildcard

Section titled “Certificate via DNS-challenge wildcard”
sudo certbot certonly --preferred-challenges=dns --manual

List certificates on server managed by Certbot

Section titled “List certificates on server managed by Certbot”
sudo certbot certificates

Remove certificate managed by Certbot

Section titled “Remove certificate managed by Certbot”
sudo certbot delete --cert-name <certificate>

URL List

Section titled “URL List”