Trace:

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
Next revisionBoth sides next revision
deb11:certbot [2021/12/24 13:16] – created Bernard Condraudeb11:certbot [2021/12/24 14:32] Bernard Condrau
Line 1: Line 1:
 ====== Certbot ====== ====== Certbot ======
 +The following walk through works on Debian 9, 10, and 11.
 +
 +===== Installation =====
   - Install snapd<code>sudo apt update   - Install snapd<code>sudo apt update
-sudo apt install snapd</code>+sudo apt install snapd 
 +sudo snap install core 
 +sudo snap refresh core</code> 
 +  - Remove previously installed certbot packages<code>sudo apt remove --purge certbot 
 +sudo rm /usr/local/bin/certbot-auto</code> 
 +  - Remove certbot renewal entry in crontab 
 +  - Install certbot through snap<code>sudo snap install --classic certbot 
 +sudo ln -s /snap/bin/certbot /usr/bin/certbot</code> 
 +  - Test automatic renewal<code>sudo certbot renew --dry-run</code> 
 +  - Check that the certbot renewal service has been set up<code>systemctl list-timers</code> 
 + 
 +===== Maintenance ===== 
 +  * If you have existing SSL VirtualHost definitions you need to copy a certificate from another site or webserver to /etc/letsencrypt/live and point the certificate in the virtual host file to that certificate before starting/restarting apache. This is necessary for certbot to run, and certbot will later replace the certificate with a valid one. 
 +  * Run certbot and register sites:<code>certbot</code> 
 +  * Check certificates:<code>certbot certificates</code> 
 +  * Add domains to certificate:<code>certbot --expand -d example.com,www.example.com,click.example.com 
 +certbot certonly --webroot --agree-tos -w /srv/www/letsencrypt/ --expand -d example.com,www.example.com,click.example.com</code> 
 +  * Revoke and optionally delete certificate:<code>certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem</code> 
 +  * Delete certificate:<code>certbot delete --cert-name www.example.com</code> 
 +  * Delete listed domains:<code>certbot delete</code> 
 +  * All sites must be accessible through port 80 when renewing certificates. 
 + 
 +==== Links ==== 
 +  * [[https://certbot.eff.org/instructions?ws=apache&os=debianbuster|certbot instructions: Apache on Debian 10]] 
 +  * [[https://eff-certbot.readthedocs.io/en/stable/uninstall.html|Uninstalling certbot-auto]]

Know How

© 2007-2024 Bernard Condrau - Powered by DokuWiki