# Certbot - Install SSL

###### tags: `Ubuntu` `Technology`

> **Date**: 2024/02/21
> **Taker**: Sin

## Installation

### Install Snap

```bash
sudo apt install snapd
```

### Run the following commands to update Snap

```bash
sudo snap install core
sudo snap refresh core
```

### Remove any existing Certbot packages to avoid possible conflicts

```bash
sudo apt-get remove certbot
```

### Install Certbot

```bash
sudo snap install --classic certbot
```

### Create a symbolic link to the Certbot executable

```bash
sudo ln -s /snap/bin/certbot /usr/bin/certbot
```

## Usage

### Get and install certificates

```bash
sudo certbot --apache
```

### Delete SSL Certificate

```bash
sudo certbot delete --cert-name {domain}
```

### Show the list of certificates

```bash
sudo certbot certificates
```

### Renew certificates

```bash
# --dry-run only simulates the renewal; drop it to actually renew.
sudo certbot renew --dry-run
```

### Install certificates with wildcard domain

```bash
# Wildcard certificates require the DNS-01 challenge, which the Apache plugin
# cannot perform, so the manual authenticator is used here instead of --apache.
sudo certbot certonly --manual --preferred-challenges=dns \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos -d '*.domain.com'
```

### Install certificates with wildcard domain in China (Custom Nginx)

#### Create a file named `authenticator.sh` in `/etc/letsencrypt/`

```bash
sudo vim /etc/letsencrypt/authenticator.sh
```

```bash
#!/bin/bash

# Authenticator hook script for certbot.
# This script should perform the necessary steps to authenticate domain ownership
# and fulfill the challenge specified by Let's Encrypt.

# Add your authentication logic here.

# Example: output the DNS challenge information.
# certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION before calling the hook.
echo "DNS challenge information:"
echo "Domain: _acme-challenge.${CERTBOT_DOMAIN}"
echo "Token: ${CERTBOT_VALIDATION}"

# After completing the authentication, you may need to propagate the changes
# or perform other tasks.
```

#### Set the file permissions

```bash
sudo chmod +x /etc/letsencrypt/authenticator.sh
```

#### Run the following command to install the SSL certificate

```bash
sudo certbot certonly --manual --preferred-challenges=dns \
  --manual-auth-hook /etc/letsencrypt/authenticator.sh \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos -d '*.domain.com'
```
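
One way to fill in the "Add your authentication logic here" placeholder of `authenticator.sh`, as an added example that is not part of the original note: the hook validates the domain, publishes the TXT record, and waits until a resolver returns the expected value. `publish_txt_record` is a hypothetical stub to replace with your DNS provider's call, and `RESOLVER`, the retry defaults and the use of `dig` are assumptions.

```shell
#!/bin/bash
# Sketch of a --manual-auth-hook: publish the DNS-01 TXT record, then wait
# until a resolver returns it. certbot exports CERTBOT_DOMAIN and
# CERTBOT_VALIDATION before running the hook.

# Build the TXT record name; strip a leading "*." and reject anything that
# is not a plain hostname before it reaches a command line or an API call.
challenge_name() {
    domain=${1#\*.}
    case "$domain" in
        ''|*[!A-Za-z0-9.-]*|.*|-*|*.|*-) return 1 ;;
    esac
    printf '_acme-challenge.%s\n' "$domain"
}

# HYPOTHETICAL stub: replace the body with your DNS provider's API or CLI call.
publish_txt_record() {
    echo "no provider configured: cannot create TXT $1 = $2" >&2
    return 1
}

# Ask one resolver for the TXT values, one per line, quotes removed.
# Assumes dig is installed; RESOLVER is an assumed, overridable variable.
lookup_txt() {
    dig +short TXT "$1" "@${RESOLVER:-1.1.1.1}" | tr -d '"'
}

# Poll until the expected value is visible; give up after $3 tries.
wait_for_txt() {
    name=$1 expected=$2 tries=${3:-30} delay=${4:-10} i=0
    while [ "$i" -lt "$tries" ]; do
        # -x -F: exact whole-line match; "--" because values may start with "-".
        if lookup_txt "$name" | grep -qxF -- "$expected"; then return 0; fi
        i=$((i + 1))
        sleep "$delay"
    done
    return 1
}

main() {
    record=$(challenge_name "$CERTBOT_DOMAIN") || exit 1
    publish_txt_record "$record" "${CERTBOT_VALIDATION:?not set}" || exit 1
    wait_for_txt "$record" "$CERTBOT_VALIDATION" || exit 1
}

# Run only when certbot invoked the script, so the functions can be sourced.
if [ -n "${CERTBOT_DOMAIN:-}" ]; then main; fi
```

Pair the hook with certbot's `--manual-cleanup-hook` so the TXT record is removed once validation has finished.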