LetsEncrypt

certbot – Automatically configure HTTPS using Let’s Encrypt

usage:

certbot [SUBCOMMAND] [options] [-d DOMAIN] [-d DOMAIN] ...
–http-01-port HTTP01_PORTPort used in the http-01 challenge. This only affects the port Certbot listens on. A conforming ACME server will still attempt to connect on port 80. (default: 80)
–https-port HTTPS_PORTPort used to serve HTTPS. This affects which port Nginx will listen on after a LE certificate is installed. (default: 443)

manage certificates

certificatesDisplay information about certificates you have from Certbot
revokeRevoke a certificate (supply –cert-name or –cert-path)
deleteDelete a certificate (supply –cert-name)
reconfigureUpdate a certificate’s configuration (supply –cert-name)
$ certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: ***
    Serial Number: ***
    Key Type: ***
    Domains: ***
    Expiry Date: ***
    Certificate Path: ***
    Private Key Path: ***
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Plugins

Standalone (local web server)

Open port 80

certbot certonly --standalone -d mydomain.com

Close port 80

Manual

certbot certonly --manual -d 'ithero.eu'

Files get created in /etc/letsencrypt/live/ithero.eu :

  • cert.pem
  • chain.pem
  • fullchain.pem
  • privkey.pem

Misc

certbot
          paths:
            Flags for changing execution paths & servers

            --cert-path CERT_PATH
                                  Path to where certificate is saved (with auth --csr),
                                  installed from, or revoked. (default: None)
            --key-path KEY_PATH   Path to private key for certificate installation or
                                  revocation (if account key is missing) (default: None)
            --fullchain-path FULLCHAIN_PATH
                                  Accompanying path to a full certificate chain
                                  (certificate plus chain). (default: None)
            --chain-path CHAIN_PATH
                                  Accompanying path to a certificate chain. (default:
                                  None)
            --config-dir CONFIG_DIR
                                  Configuration directory. (default: /etc/letsencrypt)
            --work-dir WORK_DIR   Working directory. (default: /var/lib/letsencrypt)
            --logs-dir LOGS_DIR   Logs directory. (default: /var/log/letsencrypt)
            --server SERVER       ACME Directory Resource URI. (default:
                                  https://acme-v02.api.letsencrypt.org/directory)

Tasks

Move files

If ran with sudo, the folder is owned by root:

cp -rL /etc/letsencrypt/live/ithero.eu ~/Documents/certificates/
chown -R me:me ~/Documents/certificates/ithero.eu

Hosteurope

Certificatefullchain.pem
Keyprivkey.pem

Synology

Control Panel -> Security -> Certificate

Add -> Replace an existing certificate -> Import certificate

Private Keyprivkey.pem
Certificatefullchain.pem