Certbot allows simple, quick and free provisioning of SSL certificates using LetsEncrypt.
How to install Certbot
Option 1 (recommended)
sudo snap install core; sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot
Option 2
apt update
apt install certbot
How to run Certbot
If you want to run the automated setup and get your certificate installed directly to apache, then:
sudo certbot --apache
If you only want the certificate, then:
sudo certbot certonly --apache
How to test the automatic renewal
sudo certbot renew --dry-run
How to get Wildcard certificates provisioned
Sometimes you want a little more out of your certificates. Such as wildcards (*.example.com).
For this you will need to do a couple things more.
certbot certonly --manual --preferred-challenges=dns --email [email protected] --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d *.example.com
This will ask you to create a TXT record on your DNS zone to verify that you are the owner before creating the certificate for you.
Where are my certificates now?
By default, Certbot will place your certificates under /etc/letsencrypt/*
/etc/letsencrypt/live/example.com/fullchain.pem
..and the key can be found here:
/etc/letsencrypt/live/example.com/privkey.pem
You can always ask Certbot where things are:
certbot certificates
