sudo apt update
sudo apt install snapd
sudo snap install --classic certbot
docker run -it -v certs:/etc/letsencrypt --entrypoint /bin/sh certbot/certbot:latest
- create a server and point your DNS to its public IP
- log in to the server and execute
certbot certonly --standalone
- accept the agreement & billing
- enter your domain or subdomain
- wait a few seconds; the success log should look like:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): jane.doe.com
Requesting a certificate for jane.doe.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/jane.doe.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/jane.doe.com/privkey.pem
This certificate expires on 2024-01-17.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- your certs will be located in
/etc/letsencrypt/live/jane.doe.com
/etc/letsencrypt/live/jane.doe.com/cert.pem
/etc/letsencrypt/live/jane.doe.com/privkey.pem
/etc/letsencrypt/live/jane.doe.com/chain.pem
/etc/letsencrypt/live/jane.doe.com/README
/etc/letsencrypt/live/jane.doe.com/fullchain.pem
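By default, all servers have port 80 ready to use, so you can download the certificates over HTTP. The archive includes privkey.pem and is served unencrypted to anyone who can reach port 80, so stop the server and delete the archive as soon as the download finishes. To download the certificates: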
- compress the entire /etc/letsencrypt/
- move the resulted file into some folder like /tmp/foo
- go to /tmp/foo and execute
python -m http.server 80
- open the public IP or domain in your favourite browser and download it
certbot certificates
certbot certonly -d abc.com --manual
- enter your email
- accept : Please read the Terms of Service
- accept or not : Would you be willing
Create a file containing just this data:
b880c9e3-21eb-4c49-930e-e5908b66cb46
And make it available on your web server at this URL:
http://jane.doe.com/.well-known/acme-challenge/7f491e38-6b7c-40bd-8ad4-bc091833058e
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
Then go to the web root of the server that is already configured to serve your domain or subdomain
mkdir -p .well-known/acme-challenge
echo "b880c9e3-21eb-4c49-930e-e5908b66cb46" > .well-known/acme-challenge/7f491e38-6b7c-40bd-8ad4-bc091833058e
Or start a lightweight server with Python
python3 -m http.server 80
Finally, press Enter and wait a few seconds. The response should look like this:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/jane.doe.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/jane.doe.com/privkey.pem
This certificate expires on 2030-05-21.
These files will be updated when the certificate renews.
NEXT STEPS:
- This certificate will not be renewed automatically. Autorenewal of --manual certificates requires the use of an authentication hook script (--manual-auth-hook) but one was not provided. To renew this certificate, repeat this same certbot command before the certificate's expiry date.
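The NEXT STEPS note above says renewing a --manual certificate needs an authentication hook. As an added example (not from the original page or from the Certbot project), this hook script automates the mkdir/echo step shown earlier; the WEBROOT default, the function names and the auth/cleanup argument are assumptions, while CERTBOT_TOKEN and CERTBOT_VALIDATION are the variables certbot exports to its hooks.

```shell
#!/bin/sh
# Added example: http-01 auth/cleanup hook for `certbot certonly --manual`.
# WEBROOT is an assumption: set it to the directory your web server serves.
WEBROOT="${WEBROOT:-/var/www/html}"

# Return 0 only if the token is non-empty and uses the base64url alphabet.
# The token becomes a file name, so anything else (slashes, dots) is refused
# to keep writes and deletes inside the challenge directory.
valid_token() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# $1 = web root, $2 = token (file name), $3 = validation string (file body)
write_challenge() {
    valid_token "$2" || { echo "refusing token: $2" >&2; return 1; }
    dir="$1/.well-known/acme-challenge"
    # World-readable on purpose: the validation string is not a secret and
    # the web server process must be able to read it.
    (umask 022 && mkdir -p "$dir" && printf '%s' "$3" > "$dir/$2")
}

# $1 = web root, $2 = token; removes the file once validation is over.
remove_challenge() {
    valid_token "$2" || return 1
    rm -f "$1/.well-known/acme-challenge/$2"
}

# Dispatch on the first argument; with no argument the file only defines
# the functions above.
case "${1:-}" in
    auth)    write_challenge "$WEBROOT" "$CERTBOT_TOKEN" "$CERTBOT_VALIDATION" ;;
    cleanup) remove_challenge "$WEBROOT" "$CERTBOT_TOKEN" ;;
esac
```

Saved at a path of your choice (for example the hypothetical /usr/local/bin/acme-hook.sh), it is passed to certbot as --manual-auth-hook "/usr/local/bin/acme-hook.sh auth" and --manual-cleanup-hook "/usr/local/bin/acme-hook.sh cleanup".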
- https://devops4solutions.com/move-lets-encrypt-certs-to-another-server-and-renew-them/
- https://www.digitalocean.com/community/tutorials/how-to-use-certbot-standalone-mode-to-retrieve-let-s-encrypt-ssl-certificates-on-ubuntu-20-04
- https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
- https://snapcraft.io/docs/installing-snap-on-ubuntu
sudo su
mkdir web
cd web
echo "hello world" > index.html
mkdir -p .well-known/acme-challenge
echo "b5c9811c-a190-4104-aa47-ff42eed53299" > .well-known/acme-challenge/723a0a6a-8595-48b9-b74f-67b0af17adf2
python3 -m http.server 80