Installation
sudo apt update
sudo apt install certbot
If using nginx, also install the plugin:
sudo apt install certbot python3-certbot-nginx
If applying for a wildcard certificate using DNS, install the plugin:
sudo apt install python3-certbot-dns-cloudflare
Request Certificate
No web server used:
sudo certbot certonly -d domain.com -d '*.domain.com'
Using nginx
sudo certbot --nginx -d yourdomain
Using DNS
Taking Cloudflare as an example:
- Cloudflare management account > Account API Tokens > API Token Templates > Edit Zone DNS
- Install plugin
sudo apt install python3-certbot-dns-cloudflare - Create the file
/etc/letsencrypt/cloudflare.iniand place the parameter inside:dns_cloudflare_api_token = your token - Run
sudo certbot certonly -d yourdomainand choose DNS authentication when prompted.
It is not recommended to remove
cloudflare.iniafter applying. Certbot needs this file for automatic renewal.
Using the Certificate
After configuration, the terminal will display the paths for the certificate and private key, which can be set in ssl_certificate and ssl_certificate_key for use.
For other configuration parts, refer to nginx reverse proxy basics
View all certificates
sudo certbot certificates
Delete certificate
sudo certbot delete --cert-name certificate name
Note
Certbot will automatically add relevant configurations to nginx's etc/nginx/sites-available/default file. This may conflict with your site configuration file. You can comment out lines marked with # managed by Certbot.