Using Certbot To Create And Manage Manual Certificates Y2019M6D26

These steps cover creating, renewing, and deleting manual certificates with Certbot. The certificates are from Let's Encrypt, which is a free certificate authority. Manual certificates are used when you need to generate a certificate on one machine and then transfer it to your webserver. The process must be repeated each time you change your certificate.

List All Certificates:
- In terminal type "sudo certbot certificates".


Create A Certificate:
- In terminal type "sudo apt-get update".
- In terminal type "sudo apt-get install certbot".
- In terminal type "sudo certbot certonly --preferred-challenges dns --manual --server https://acme-v02.api.letsencrypt.org/directory --cert-name $name -d $domain".
- Add the requested TXT record to your domain, along with the verification string. Once your DNS records are updated, press enter to continue with verification of this record.
- Your private key is "/etc/letsencrypt/live/$name/privkey.pem", and your CRT is "/etc/letsencrypt/live/$name/cert.pem". You will need both of these files to manually install the certificate on your webserver. Some services may require "/etc/letsencrypt/live/$name/fullchain.pem" instead of "/etc/letsencrypt/live/$name/cert.pem".

Add Certificate on GoDaddy Shared Hosting Account:
- Login to GoDaddy, go to your hosting product, click "cPanel Admin".
- In cPanel, click "SSL/TLS" in the security section.
- In SSL/TLS, click "Manage SSL sites".
- In Manage Installed SSL Websites, choose a domain, paste your "cert.pem" into the "Certificate: (CRT)" field, and your "privkey.pem" into the "Private Key (KEY)" field, and select "Install Certificate".

Add Certificate on GitLab Pages:
- Login to GitLab, go to the project, on the side menu go to "settings", go to "pages", by the domain name click "details", click "edit".
- Paste your certificate ("/etc/letsencrypt/live/$name/fullchain.pem") into the certificate field.
- Paste your private key ("/etc/letsencrypt/live/$name/privkey.pem") into the key text box.

Renew A Certificate:
- In terminal type "sudo certbot certonly --preferred-challenges dns --manual --server https://acme-v02.api.letsencrypt.org/directory --cert-name $name -d $domain".
- Add the requested TXT record to your domain, along with the verification string. Once your DNS records are updated, press enter to continue with verification of this record.
- Your private key is "/etc/letsencrypt/live/$name/privkey.pem", and your CRT is "/etc/letsencrypt/live/$name/cert.pem". You will need both of these files to manually install the certificate on your webserver. Some services may require "/etc/letsencrypt/live/$name/fullchain.pem" instead of "/etc/letsencrypt/live/$name/cert.pem".

Delete A Certificate:
- In terminal type "sudo certbot delete --cert-name $name".

Notes:
- The command "sudo certbot renew --cert-name $name" should work for renewal, but doesn't. Instead you have to re-run the original commands, and it will detect that a renewal is needed.
- To make a wildcard certificate use "-d *.$domain".
- These steps use the DNS challenge, but alternatively you can use the HTTP challenge. The challenge is used to verify you control the domain you're creating a certificate for.
- Certificates expire after 90 days. You'll need to repeat the process before then.
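
The install steps above paste "cert.pem" (or "fullchain.pem") and "privkey.pem" into a hosting panel by hand, so it is worth confirming that the two files belong together and are not close to expiry before uploading. The following shell script is an added example, not part of the original steps or of Certbot; the function names, the 30-day threshold, and the throwaway self-signed demo pair are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example: checks to run on the machine that ran Certbot, before pasting
# cert.pem/fullchain.pem and privkey.pem into a hosting panel.
# Function names and the 30-day default are assumptions of this example.

# Exit 0 only if the certificate's public key is the one derived from the key file.
# Exit 1 on a mismatch, 2 if either file cannot be parsed.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 only if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Print one verdict line; a non-zero exit means "do not upload this pair".
preflight() {
    local cert="$1" key="$2" min_days="${3:-30}" rc=0
    cert_matches_key "$cert" "$key" || rc=$?
    case $rc in
        0) ;;
        1) echo "MISMATCH: $key does not belong to $cert"; return 1 ;;
        *) echo "UNREADABLE: cannot parse $cert or $key"; return 2 ;;
    esac
    if ! cert_valid_for_days "$cert" "$min_days"; then
        echo "EXPIRING: $cert has fewer than $min_days days left; re-run certbot certonly"
        return 3
    fi
    echo "OK: pair matches and is valid for at least $min_days more days"
}

# Constructed sample input: a throwaway self-signed pair (not a Let's Encrypt cert).
make_demo_pair() {   # usage: make_demo_pair DIR DAYS
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=example.test" \
        -keyout "$1/privkey.pem" -out "$1/cert.pem" >/dev/null 2>&1
}

# Real use (as root, because privkey.pem is root-only):
#   bash preflight.sh /etc/letsencrypt/live/$name/cert.pem /etc/letsencrypt/live/$name/privkey.pem
if [ "$#" -ge 2 ]; then preflight "$@"; fi
```

The same check works with "fullchain.pem" in place of "cert.pem", because openssl reads the first certificate in the file, which is the one issued for your domain.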

Author: James Daniel Marrs Ritchey
License: Comprehensible Open License 3.0
Comprehensible Open License 3.0

Material provided under the terms of this license can be used in any manner, provided the following conditions are met: The authors of the material are not held responsible for any consequence of using the material. The material remains under the terms of this license. The terms of this license are upheld in accordance with the federal laws of Canada in place as of January 1, 2019.

Copyright © James Daniel Marrs Ritchey.