Skip to content

Instantly share code, notes, and snippets.

What would you like to do?


  • run & configure nginx

  • run pebble acme server

  • install certbot

  • register pebble acme server with certbot

    sudo certbot register --server https://localhost:14000/dir
  • create conf file:

    sudo chmod -R 755 /etc/letsencrypt
    sudo nano /etc/letsencrypt/cli.ini
    rsa-key-size = 4096
    # Uncomment and update to register with the specified e-mail address
    # email =
    # Uncomment to automatically agree to the terms of service of the ACME server
    agree-tos = true
    # An example of using an alternate ACME server that uses EAB credentials
    # server =
    # eab-kid = somestringofstuffwithoutquotes
    # eab-hmac-key = yaddayaddahexhexnotquoted
    # test pebble server
    server = https://localhost:14000/dir
    http-01-port = 5002
    no-verify-ssl = true
  • create cert w pebble & configure nginx to use it:

    sudo certbot --nginx
  • show cert(s):

    sudo certbot certificates
  • view nginx config changes:

    cat /usr/local/etc/nginx/servers/myCertbotTarget.conf
  • simulate cert renewal :

    sudo certbot renew  --dry-run

    This command attempts to renew any previously-obtained certificates that expire in less than 30 days.

  • show cert(s) after renewal dry run (no changes):

    sudo certbot certificates
  • forced cert renewal:

    sudo certbot renew --force-renewal
  • revoke cert:

    sudo certbot revoke --cert-name  mycertbot.test
  • show (lack of) cert(s) after revocation:

    sudo certbot certificates
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment