LetsEncrypt
certbot – certbot script documentation
usage:
certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...| –http-01-port HTTP01_PORT | Port used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. (default: 80) |
| –https-port HTTPS_PORT | Port used to serve HTTPS. This affects which port Nginx will listen on after a LE certificate is installed. (default: 443) |
Plugins
Standalone (local web server)
Open port 80
certbot certonly --standalone -d mydomain.comClose port 80
Manual
certbot certonly --manual -d 'ithero.eu'Files get created in /etc/letsencrypt/live/ithero.eu :
- cert.pem
- chain.pem
- fullchain.pem
- privkey.pem
Misc
certbot
paths:
Flags for changing execution paths & servers
--cert-path CERT_PATH
Path to where certificate is saved (with auth --csr),
installed from, or revoked. (default: None)
--key-path KEY_PATH Path to private key for certificate installation or
revocation (if account key is missing) (default: None)
--fullchain-path FULLCHAIN_PATH
Accompanying path to a full certificate chain
(certificate plus chain). (default: None)
--chain-path CHAIN_PATH
Accompanying path to a certificate chain. (default:
None)
--config-dir CONFIG_DIR
Configuration directory. (default: /etc/letsencrypt)
--work-dir WORK_DIR Working directory. (default: /var/lib/letsencrypt)
--logs-dir LOGS_DIR Logs directory. (default: /var/log/letsencrypt)
--server SERVER ACME Directory Resource URI. (default:
https://acme-v02.api.letsencrypt.org/directory)Tasks
Move files
If ran with sudo, the folder is owned by root:
cp -rL /etc/letsencrypt/live/ithero.eu ~/Documents/certificates/
chown -R me:me ~/Documents/certificates/ithero.euHosteurope
| Certificate | fullchain.pem |
| Key | privkey.pem |
Synology
Control Panel -> Security -> Certificate
Add -> Replace an existing certificate -> Import certificate
| Private Key | privkey.pem |
| Certificate | fullchain.pem |