Certbot Utility for Let's Encrypt - Command Reference and Examples

List Installed Certificates

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/admin.google.com/cert.pem is unknown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: admin.google.com
    Domains: admin.google.com
    Expiry Date: 2018-11-27 18:30:50+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/admin.google.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/admin.google.com/privkey.pem
  Certificate Name: news.yahoo.com
    Domains: news.yahoo.com
    Expiry Date: 2019-04-15 23:05:31+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/news.yahoo.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/news.yahoo.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
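The listing above is easy to check by machine. The following is an added example, not part of the original page or of Certbot itself: a shell function that reads `certbot certificates` output and reports certificates that are invalid or close to expiry. The function names, the sample hostnames and the 30-day default threshold are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): flag certificates that are
# invalid or near expiry from the text printed by `certbot certificates`.

# Constructed sample output; hostnames and dates are made up.
sample_output() {
cat <<'EOF'
Found the following certs:
  Certificate Name: admin.example.com
    Domains: admin.example.com
    Expiry Date: 2018-11-27 18:30:50+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/admin.example.com/fullchain.pem
  Certificate Name: www.example.com
    Domains: www.example.com
    Expiry Date: 2019-04-15 23:05:31+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
  Certificate Name: api.example.com
    Domains: api.example.com static.example.com
    Expiry Date: 2019-02-04 09:12:44+00:00 (VALID: 12 days)
    Certificate Path: /etc/letsencrypt/live/api.example.com/fullchain.pem
EOF
}

# flag_certs [MIN_DAYS]: reads the listing on stdin and prints one line per
# certificate needing attention. MIN_DAYS (assumed default: 30) is the
# remaining-validity threshold below which a valid cert is reported.
flag_certs() {
  awk -v min="${1:-30}" '
    /Certificate Name:/ { name = $NF }
    /Expiry Date:/ {
      if (match($0, /\(VALID: [0-9]+ [a-z]+/)) {
        # Status reads "N days", "1 day" or "N hour(s)"; hours count as 0 days.
        split(substr($0, RSTART + 8, RLENGTH - 8), f, " ")
        days = (f[2] ~ /^day/) ? f[1] + 0 : 0
        if (days < min) print name, "EXPIRING", days
      } else if (match($0, /\(INVALID: [^)]*\)/)) {
        # Report the reason given in parentheses, e.g. EXPIRED.
        print name, substr($0, RSTART + 10, RLENGTH - 11)
      }
    }'
}

# Live use: sudo certbot certificates 2>/dev/null | flag_certs 30
sample_output | flag_certs 30
```

Run from cron or a monitoring agent, any non-empty output means a certificate needs renewal or cleanup.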

Obtaining a Certificate

Using the Apache Plugin

The apache plugin automates obtaining and installing a certificate with Apache. It uses the http-01 challenge type on port 80:

sudo certbot -d privacy.google.com --apache --agree-tos

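Example - Adding a Domain to Existing Certificate

Pass the full list of domains the certificate should cover with -d, not only the new one. Certbot shows which domains are being added and removed and asks for confirmation before updating: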

sudo certbot certonly --cert-name www.google.com -d google.com,www.google.com,world.google.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

How would you like to authenticate with the ACME CA?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: Apache Web Server plugin (apache)
2: Spin up a temporary webserver (standalone)
3: Place files in webroot directory (webroot)
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate number [1-3] then [enter] (press 'c' to cancel): 1
Plugins selected: Authenticator apache, Installer None

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
You are updating certificate www.google.com to include new domain(s):
+ google.com

You are also removing previously included domain(s):
(None)

Did you intend to make this change?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(U)pdate cert/(C)ancel: U
Renewing an existing certificate
Performing the following challenges:
http-01 challenge for world.google.com
http-01 challenge for google.com
http-01 challenge for www.google.com
Waiting for verification...
Cleaning up challenges

Check the details of the updated certificate by its cert-name:

sudo certbot certificates --cert-name www.google.com

Certificate Name: www.google.com
Domains: google.com world.google.com www.google.com
Expiry Date: 2022-02-09 16:19:07+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.google.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.google.com/privkey.pem

Renewing a Certificate

Remove the --dry-run flag to actually go through with the renewal:

sudo certbot renew --cert-name privacy.google.com --dry-run

Deleting a Certificate

CLI Docs for the delete Command

$ certbot -h delete
usage:

  certbot delete --cert-name CERTNAME

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        path to config file (default: /etc/letsencrypt/cli.ini
                        and ~/.config/letsencrypt/cli.ini)

delete:
  Options for deleting a certificate

  --cert-name CERTNAME  Certificate name to apply. This name is used by
                        Certbot for housekeeping and in file paths; it doesn't
                        affect the content of the certificate itself. To see
                        certificate names, run 'certbot certificates'. When
                        creating a new certificate, specifies the new
                        certificate's name. (default: the first provided
                        domain or the name of an existing certificate on your
                        system for the same domains)

Example delete Command

Find the cert-name of the certificate you wish to delete via the certbot certificates command (example above), and pass it to the certbot delete command as follows:

$ sudo certbot delete --cert-name admin.google.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate admin.google.com.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
