Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
Let's encrypt - generate SSL certificate manually via Cerbot DNS Challenge

Install Certbot


$ brew install certbot


Add Certbot PPA to APT repository list

$ apt-get update
$ apt-get install software-properties-common
$ add-apt-repository universe
$ add-apt-repository ppa:certbot/certbot
$ apt-get update

Install Certbot

$ apt-get install certbot python-certbot-apache

Generate SSL certificate

1. Run Certbot

$ certbot certonly \
    --manual \ # Run in manual mode
    --agree-tos \ # Aggree with Terms and Conditions
    --manual-public-ip-logging-ok \ # Agree with public ip logging
    --preferred-challenges dns-01 \ # Set preferred challenges
    --rsa-key-size 4096 \ # Set private key size
    -d $DOMAIN # Domain - can be used multiple times for a set of domains

2. Verify domain via DNS TXT record

You will be asked to create DNS TXT record for given domain on _acme-challenge.domain.tld.

Verification of DNS TXT record value

$ host -t txt $DOMAIN

Once TXT record is returning required hash value, certificate generation process should proceed.

This step might be repetable for each domain which you want to have associated with certificate.

3. Get generated private key and fullchain certificate file

Once previous step is successfully finished cerfitificates can be found as /etc/letsencrypt/live/$DOMAIN/fullchain.pem and /etc/letsencrypt/live/$DOMAIN/privatekey.pem files.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment