Certbot Utility for Let's Encrypt - Command Reference and Examples


List Installed Certificates

$ sudo certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Revocation status for /etc/letsencrypt/live/admin.google.com/cert.pem is unknown

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: admin.google.com
    Domains: admin.google.com
    Expiry Date: 2018-11-27 18:30:50+00:00 (INVALID: EXPIRED)
    Certificate Path: /etc/letsencrypt/live/admin.google.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/admin.google.com/privkey.pem
  Certificate Name: news.yahoo.com
    Domains: news.yahoo.com
    Expiry Date: 2019-04-15 23:05:31+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/news.yahoo.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/news.yahoo.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Obtaining a Certificate

Using the Apache Plugin

The apache plugin uses the http-01 challenge type on port 80:

Automates obtaining and installing a certificate with Apache.
sudo certbot -d privacy.google.com --apache --agree-tos

Renewing a Certificate

Remove the --dry-run flag to actually go through with the renewal:

sudo certbot renew --cert-name privacy.google.com --dry-run

Deleting a Certificate

CLI Docs for the delete Command

$ certbot -h delete
usage:

  certbot delete --cert-name CERTNAME

optional arguments:
  -h, --help            show this help message and exit
  -c CONFIG_FILE, --config CONFIG_FILE
                        path to config file (default: /etc/letsencrypt/cli.ini
                        and ~/.config/letsencrypt/cli.ini)

delete:
  Options for deleting a certificate

  --cert-name CERTNAME  Certificate name to apply. This name is used by
                        Certbot for housekeeping and in file paths; it doesn't
                        affect the content of the certificate itself. To see
                        certificate names, run 'certbot certificates'. When
                        creating a new certificate, specifies the new
                        certificate's name. (default: the first provided
                        domain or the name of an existing certificate on your
                        system for the same domains)

Example delete Command

Find the cert-name of the certificate you wish to delete via the certbot certificates command (example above), and pass it to the certbot delete command as follows:

$ sudo certbot delete --cert-name admin.google.com
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Deleted all files relating to certificate admin.google.com.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -


Comments:


Gravatar of Kyle Jones

Knowledge Base is a repository for various notes, guides, and thoughts on a wide range of IT related topics. Read more...

Sponsored By:


Web development services by Say Web Solutions. Visit website.