steps:
-
run & configure nginx
-
register pebble acme server with certbot
sudo certbot register --server https://localhost:14000/dir
-
create conf file:
sudo chmod -R 755 /etc/letsencrypt
sudo nano /etc/letsencrypt/cli.ini

rsa-key-size = 4096
# Uncomment and update to register with the specified e-mail address
# email = foo@example.com
# Uncomment to automatically agree to the terms of service of the ACME server
agree-tos = true
# An example of using an alternate ACME server that uses EAB credentials
# server = https://acme.sectigo.com/v2/InCommonRSAOV
# eab-kid = somestringofstuffwithoutquotes
# eab-hmac-key = yaddayaddahexhexnotquoted
# test pebble server
server = https://localhost:14000/dir
http-01-port = 5002
no-verify-ssl = true
-
create cert with pebble & configure nginx to use it:
sudo certbot --nginx
-
show cert(s):
sudo certbot certificates
-
view nginx config changes:
cat /usr/local/etc/nginx/servers/myCertbotTarget.conf
-
simulate cert renewal:
sudo certbot renew --dry-run
This command attempts to renew any previously-obtained certificates that expire in less than 30 days.
-
show cert(s) after renewal dry run (no changes):
sudo certbot certificates
-
forced cert renewal:
sudo certbot renew --force-renewal
-
revoke cert:
sudo certbot revoke --cert-name mycertbot.test
-
show (lack of) cert(s) after revocation:
sudo certbot certificates
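
An added check, not part of the original notes: /etc/letsencrypt/cli.ini is read by every certbot run on the host, so the Pebble-only settings from the conf file step (local server, no-verify-ssl, non-default http-01-port) should be gone before the machine talks to a real CA. The function name audit_cli_ini and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag test-only settings
# in a certbot cli.ini. Prints one finding per line; exit status is 0
# when the file is clean and 1 when at least one finding was printed.
audit_cli_ini() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            eq = index($0, "=")                 # split on the first "=" only
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "no-verify-ssl" && tolower(val) == "true") {
                print "no-verify-ssl: TLS certificate checks for the ACME server are off"
                bad++
            }
            if (key == "server" && val ~ "^https?://(localhost|127\\.0\\.0\\.1|\\[::1\\])(:|/|$)") {
                print "server: local test ACME endpoint " val
                bad++
            }
            if (key == "http-01-port" && val != "80") {
                print "http-01-port: " val " (a public CA validates on port 80)"
                bad++
            }
        }
        END { exit (bad > 0) }
    ' "$1"
}

# Constructed sample mirroring the active (uncommented) lines of the cli.ini above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rsa-key-size = 4096
# email = foo@example.com
agree-tos = true
# server = https://acme.sectigo.com/v2/InCommonRSAOV
server = https://localhost:14000/dir
http-01-port = 5002
no-verify-ssl = true
EOF

audit_cli_ini "$sample" || echo "cli.ini still carries test settings"
rm -f "$sample"
```

Run it against the real file with audit_cli_ini /etc/letsencrypt/cli.ini; commented-out lines are ignored, so only settings certbot would actually apply are reported.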