certbot

Obtain certificate via webroot authorization

$ sudo certbot certonly --webroot -w [path/to/webroot] -d [subdomain.example.com]

$ sudo certbot --nginx -d [subdomain.example.com]

$ sudo certbot --apache -d [subdomain.example.com]

$ sudo certbot renew

$ sudo certbot --webroot -w [path/to/webroot] -d [subdomain.example.com] --dry-run

$ sudo certbot --webroot -w [path/to/webroot] -d [subdomain.example.com] --test-cert

certbot [options] command

certbot is the official Let's Encrypt client for automatically obtaining and renewing free TLS/SSL certificates. It can configure web servers like Apache and Nginx automatically.
Certificates are valid for 90 days. The renew command should be run regularly (typically via cron) to maintain valid certificates.

-d, --domain domain

Domain name for certificate

Webroot path for validation

Use nginx plugin

Use apache plugin

Test without saving

Use staging server (untrusted certificates)

/etc/letsencrypt/renewal/

Per-certificate renewal configuration files controlling automatic renewal behavior.

Global certbot defaults for all certificate operations.

certonly

Obtain certificate without installing

Obtain and install certificate

Renew expiring certificates

Revoke a certificate

Delete a certificate

List installed certificates

Webroot validation requires web server to be running. Rate limits apply on Let's Encrypt production servers. Restart web server after renewal for new certificates to take effect.

certbot was developed by the Electronic Frontier Foundation (EFF) and originally known as the Let's Encrypt client. Let's Encrypt launched in 2016 to provide free, automated TLS certificates.

openssl(1), nginx(8), apache2(8)