Differences

This shows you the differences between two versions of the page.

--- deb11:certbot [2021/12/24 14:25] – Bernard Condrau
+++ deb11:certbot [2021/12/24 14:32] – Bernard Condrau
@@ Line 1: / Line 1: @@
 ====== Certbot ======
 The following walk through works on Debian 9, 10, and 11.
+===== Installation =====
   - Install snapd<code>sudo apt update
 sudo apt install snapd
@@ Line 12: / Line 14: @@
   - Test automatic renewal<code>sudo certbot renew --dry-run</code>
   - Check that the certbot renewal service has been set up<code>systemctl list-timers</code>
+===== Maintenance =====
+  * If you have existing SSL VirtualHost definitions you need to copy a certificate from another site or webserver to /etc/letsencrypt/live and point the certificate in the virtual host file to that certificate before starting/restarting apache. This is necessary for certbot to run, and certbot will later replace the certificate with a valid one.
+  * Run certbot and register sites:<code>certbot</code>
+  * Check certificates:<code>certbot certificates</code>
+  * Add domains to certificate:<code>certbot --expand -d example.com,www.example.com,click.example.com
+certbot certonly --webroot --agree-tos -w /srv/www/letsencrypt/ --expand -d example.com,www.example.com,click.example.com</code>
+  * Revoke and optionally delete certificate:<code>certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem</code>
+  * Delete certificate:<code>certbot delete --cert-name www.example.com</code>
+  * Delete listed domains:<code>certbot delete</code>
+  * All sites must be accessible through port 80 when renewing certificates.
 ==== Links ====
   * [[https://certbot.eff.org/instructions?ws=apache&os=debianbuster|certbot instructions: Apache on Debian 10]]
   * [[https://eff-certbot.readthedocs.io/en/stable/uninstall.html|Uninstalling certbot-auto]]

Differences

Know How