Certbot allows simple, quick and free provisioning of SSL certificates using LetsEncrypt.

How to install Certbot

1
2
3

sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot

Option 2

1
2

apt update
apt install certbot

How to run Certbot

If you want to run the automated setup and get your certificate installed directly to apache, then:

1

sudo certbot --apache

If you only want the certificate, then:

1

sudo certbot certonly --apache

How to test the automatic renewal

1

sudo certbot renew --dry-run

How to get Wildcard certificates provisioned

Sometimes you want a little more out of your certificates. Such as wildcards (*.example.com).

For this you will need to do a couple things more.

1

certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.example.com

This will ask you to create a TXT record on your DNS zone to verify that you are the owner before creating the certificate for you.

Where are my certificates now?

By default, Certbot will place your certificates under /etc/letsencrypt/*

1

/etc/letsencrypt/live/example.com/fullchain.pem

..and the key can be found here:

1

/etc/letsencrypt/live/example.com/privkey.pem

You can always ask Certbot where things are:

1

certbot certificates