×

Pages

Labels

Search

×

Pages

×
×

Notice

The site is currently undergoing scheduled maintenance, and may not function correctly. Please come back later.

Advertisement

advertisement

Using Certbot To Create And Manage Manual Certificates

These steps cover creating, renewing, and deleting manual certificates with Certbot. The certificates are from LetsEncrypt which, is a free certificate authority. Manual certificates are used when you need to generate a certificate on one machine, and then transfer the certificate to your webserver. The process must be repeated each time you change your certificate.

List All Certificates:
- In terminal type "sudo certbot certificates".

Create A Certificate:
- In terminal type "sudo apt-get update".
- In terminal type "sudo apt-get install certbot".
- In terminal type "sudo certbot certonly --preferred-challenges dns --manual --server https://acme-v02.api.letsencrypt.org/directory --cert-name $name -d $domain".
- Add the requested TXT record to your domain, along with the verification string. Once your DNS records are updated, click "continue" to verify.
- Your private key is "/etc/letsencrypt/live/$name/privkey.pem", and your CRT is "/etc/letsencrypt/live/$name/cert.pem". You will need both of these files to manually install the certificate on your webserver. Some services may require "/etc/letsencrypt/live/$name/fullchain.pem" instead of "/etc/letsencrypt/live/$name/cert.pem".

Add Certificate on GoDaddy Shared Hosting Account:
- Login to GoDaddy, go to your hosting product, click "cPanel Admin".
- In Cpanel, click "SSL/TLS" in the security section.
- In SSL/TLS, click "Manage SSL sites".
- In Manage Installed SSL Websites, choose a domain, paste your "cert.pem" into the "Certificate: (CRT)" field, and your "privkey.pem" into the "Private Key (KEY)" field, and select "Install Certificate".

Add Certificate on Gitlab Pages:
- Login to GitLab, go to the project, on the side menu go to "settings", go to "pages", by the domain name click "details", click "edit".
- Paste your certificate ("/etc/letsencrypt/live/$name/fullchain.pem") into the certificate field.
- Paste your private key ("/etc/letsencrypt/live/$name/privkey.pem") into the key text box.

Renew A Certificate:
- In terminal type "sudo certbot renew --cert-name $name".

Delete A Certificate:
- In terminal type "sudo certbot delete --cert-name $name".

Notes:
- To make a wildcard certificate use "-d *.$domain".
- These steps use the DNS challenge, but alternatively you can use the http challenge. The challenge is used to verify you control the domain you're creating a certificate for.
- Certificates expire after 90 days. You'll need to repeat the process before then.

License:Comprehensible Open License 2.0

Comprehensible Open License 2.0:

Material provided under the terms of this license can be used, modified, duplicated, and distributed, provided the material remains free of charge, and the author of the material is not held responsible for any consequence of using it.

Advertisment

advertisement
Copyright © James Daniel Marrs Ritchey.

Siteviews