Certbot Cheat Sheet

Some things I do frequently ...

See also: SSL/TLS Certificate Cheat Sheet

Establish a New Certificate

I am normally establishing certificates on web sites under Apache httpd, so this is how I do it:

certbot --apache --redirect -d example.com,www.example.com

or

certbot --apache --no-redirect -d example.com,www.example.com

Annoyingly, this adds a new file with a VirtualHost entry for the secure site, instead of adding it to the existing file. To keep things organized, I end up having to combine the two files manually. I know it knows how to modify an existing file, because it does so for the redirect. I wish I could find an option to tell it to just put it all in the same file.

Delete a Certificate

I assume this tells Letsencrypt about the deletion, so it won't send me email reminding me to renew it.

sudo certbot delete --cert-name example.com

It doesn't do anything to the httpd configuration. You'll have to remove that yourself (which is certainly for the best).

Certificate Only

"To just obtain the certificate without installing it anywhere, the certbot certonly command can be used."

sudo certbot certonly --apache -d example.com,www.example.com

If I don't want to use apache for authentication, then I should leave off the --apache option, and I'll be prompted for the authentication method.

sudo certbot certonly -d example.com,www.example.com