Let's Encrypt Command Generator - Generate Certbot Commands

Generate certbot commands for obtaining free SSL/TLS certificates.

About Let's Encrypt & Certbot

Let's Encrypt is a free, automated, and open Certificate Authority providing free SSL/TLS certificates. Certbot is the official client for obtaining and managing these certificates.

Certificate Scenarios

Nginx mode: Automatically obtains and installs a certificate for Nginx. Certbot will:

  • Obtain the certificate
  • Modify Nginx configuration
  • Set up HTTPS redirection
  • Configure auto-renewal

Requirements: Nginx must be installed and running with a configured server block for your domain.

Pro tip: Ensure your domain points to your server's IP before running certbot.

Apache mode: Similar to Nginx mode, but for the Apache web server. Automatically configures Apache for HTTPS.

Requirements: Apache must be installed with mod_ssl enabled.

sudo a2enmod ssl
sudo systemctl restart apache2

Standalone mode: Certbot runs its own temporary web server on port 80 to verify domain ownership.

Use case: When you don't have a web server running or want manual certificate management.

Important: Port 80 must be free. Stop your web server before running:

sudo systemctl stop nginx

After obtaining the certificate, you'll need to manually configure your web server to use it.

Webroot mode: Places verification files in your website's document root. Your web server continues running.

Use case: When you have a running web server and want to manage SSL configuration manually.

Webroot path examples:

  • Nginx: /var/www/html
  • Apache: /var/www/html
  • Custom: Whatever your document root is

Wildcard certificate: Covers all subdomains (*.example.com) using DNS validation.

Process:

  1. Certbot will ask you to create a TXT record
  2. Add the record to your DNS provider
  3. Wait for DNS propagation (usually 1-5 minutes)
  4. Press Enter to complete verification

Automated DNS validation: Install DNS plugins for your provider:

  • Cloudflare: certbot-dns-cloudflare
  • Route53: certbot-dns-route53
  • DigitalOcean: certbot-dns-digitalocean
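
The five scenarios above correspond to the certbot invocations built by the function below. This is an added example, not the generator's own code or output; the function name certbot_cmd and the sample domain, email and webroot values are assumptions. It validates its inputs so nothing pasted into the generated command can carry shell syntax.

```shell
#!/bin/sh
# Added example: build a certbot command line for one of the page's scenarios.
# Usage: certbot_cmd MODE DOMAIN EMAIL [WEBROOT]  (prints the command, returns 1 on bad input)
certbot_cmd() {
    mode=$1 domain=$2 email=$3 webroot=${4:-}

    # Accept hostname characters only, optionally behind one leading "*." label.
    base=${domain#\*.}
    case $base in
        ''|.*|*.|*..*|*[!A-Za-z0-9.-]*) echo "invalid domain" >&2; return 1 ;;
    esac
    case $email in
        *[!A-Za-z0-9@._+-]*|*@*@*) echo "invalid email" >&2; return 1 ;;
        ?*@?*.?*) ;;
        *) echo "invalid email" >&2; return 1 ;;
    esac

    # Wildcard names can only be validated over DNS.
    if [ "$base" != "$domain" ] && [ "$mode" != wildcard ]; then
        echo "wildcard domains require the wildcard (DNS) scenario" >&2; return 1
    fi

    common="--email $email --agree-tos"
    case $mode in
        nginx)      echo "sudo certbot --nginx -d $domain $common" ;;
        apache)     echo "sudo certbot --apache -d $domain $common" ;;
        standalone) echo "sudo certbot certonly --standalone -d $domain $common" ;;
        webroot)
            # Require an absolute path made of plain path characters.
            case $webroot in
                /*) ;;
                *) echo "webroot must be an absolute path" >&2; return 1 ;;
            esac
            case $webroot in
                *[!A-Za-z0-9/._-]*) echo "invalid webroot" >&2; return 1 ;;
            esac
            echo "sudo certbot certonly --webroot -w $webroot -d $domain $common" ;;
        wildcard)
            # Request the bare domain too: *.example.com does not cover example.com.
            # The wildcard is emitted quoted so the pasted command cannot glob.
            echo "sudo certbot certonly --manual --preferred-challenges dns -d '*.$base' -d $base $common" ;;
        *) echo "unknown scenario: $mode" >&2; return 1 ;;
    esac
}
```

For a first run against the staging environment, append --staging to the printed command.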

Certificate Renewal

Let's Encrypt certificates are valid for 90 days. Certbot automatically installs a cron job or systemd timer for renewal.

Manual Renewal Testing

Test renewal (dry run):

sudo certbot renew --dry-run

Force renewal:

sudo certbot renew --force-renewal

Check renewal timer:

sudo systemctl status certbot.timer

Certificate Management

Command                                        Description
certbot certificates                           List all certificates
certbot delete --cert-name example.com         Delete a certificate
certbot revoke --cert-path /path/to/cert.pem   Revoke a certificate
certbot renew                                  Renew all certificates

Installation

Ubuntu/Debian

sudo apt update
sudo apt install certbot
sudo apt install python3-certbot-nginx

CentOS/RHEL

sudo yum install epel-release
sudo yum install certbot
sudo yum install python-certbot-nginx

Troubleshooting

Domain validation failed:

  • Ensure domain points to correct IP
  • Check firewall allows port 80
  • Verify web server is running
  • Check DNS propagation with dig example.com

Rate limits:

  • 50 certificates per domain per week
  • Use --dry-run for testing
  • Staging environment available for testing

Quick Commands

Install certbot:

sudo apt install certbot

List certificates:

sudo certbot certificates

Test renewal:

sudo certbot renew --dry-run

View logs:

sudo tail -f /var/log/letsencrypt/letsencrypt.log

Certificate location:

/etc/letsencrypt/live/example.com/

Certificate Files

  • fullchain.pem: Certificate + chain (use in nginx/apache)
  • privkey.pem: Private key
  • cert.pem: Certificate only
  • chain.pem: Intermediate certificates

Best Practices

  • Always use --dry-run first
  • Set up monitoring for renewal
  • Keep certbot updated
  • Use strong ciphers in web server
  • Enable HSTS header
  • Test with SSL Labs after setup