# Certbot Overview and Examples
Certbot is a popular tool for automatically using Let's Encrypt certificates on manually administered domains. It simplifies the process of obtaining and renewing SSL/TLS certificates.
## Basic Certbot Commands
### 1. Obtain a new certificate (HTTP challenge)

```bash
sudo certbot certonly --webroot -w /var/www/html -d example.com -d www.example.com
```

### 2. Obtain a new certificate (DNS challenge)

```bash
sudo certbot certonly --manual --preferred-challenges dns -d example.com
```

### 3. Renew all certificates

```bash
sudo certbot renew
```

### 4. View all certificates

```bash
sudo certbot certificates
```

## Advanced Examples
### 1. Update certificates with additional domains (expand)

```bash
sudo certbot certonly --cert-name example.com-0001 --expand -d beta.example.com,www.example.com,example.com --manual --preferred-challenges dns
```

This command adds new domains to an existing certificate without creating a new certificate.
### 2. Obtain certificate with specific DNS challenge

```bash
sudo certbot certonly -d beta.example.com,www.example.com,example.com --manual --preferred-challenges dns
```

This requires you to manually add a TXT record to your DNS for domain validation.
### 3. Obtain certificate with webroot challenge

```bash
sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com
```

This method places the challenge files in the specified directory, which your already-running web server must serve for the listed domains.
### 4. Obtain certificate with standalone challenge

```bash
sudo certbot certonly --standalone -d example.com
```

This runs a temporary web server to handle the challenge, so no other service can be listening on the port it needs while the command runs.
### 5. Obtain wildcard certificate

```bash
# Quote the name so the shell does not try to expand the * as a glob
sudo certbot certonly --manual --preferred-challenges dns -d '*.example.com'
```

Wildcard certificates require DNS validation.
## Important Notes
1. **Certificate Location**: Certbot typically stores certificates in `/etc/letsencrypt/live/`
2. **Renewal**: Certificates expire after 90 days, so set up automatic renewal
3. **Challenges**:
   - HTTP: Requires web server access
   - DNS: Requires DNS record modification
   - TLS-ALPN: Requires TLS support on port 443
4. **Post-hook**: You can add commands to run after certificate renewal:

   ```bash
   sudo certbot renew --post-hook "systemctl reload nginx"
   ```

Certbot simplifies the process of obtaining and maintaining SSL certificates, making it easier to secure your websites with Let's Encrypt certificates.
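
To confirm that automatic renewal is actually keeping up with the 90-day expiry, the output of `sudo certbot certificates` can be filtered for certificates that are invalid or close to expiring. The script below is an added example, not part of the original page: the function names `expiring_certs` and `sample_output`, the 30-day threshold, and the sample output are constructed, and the parsing assumes the `Certificate Name:` / `Expiry Date: ... (VALID: N days)` layout that Certbot prints.

```shell
#!/bin/sh
# expiring_certs THRESHOLD_DAYS
# Reads `certbot certificates` output on stdin and prints one line per
# certificate that is invalid or has fewer than THRESHOLD_DAYS days left:
#   <cert-name> <days-left|INVALID>
expiring_certs() {
    awk -v limit="$1" '
        /Certificate Name:/ { name = $3 }
        /Expiry Date:/ {
            p = index($0, "(")
            if (p == 0) next                 # no status shown, skip the line
            status = substr($0, p + 1)       # e.g. "VALID: 59 days)"
            if (status ~ /^INVALID/) {
                print name, "INVALID"        # expired, revoked or test cert
            } else if (status ~ /hour/) {
                if (limit + 0 > 0) print name, 0   # less than one day left
            } else {
                split(status, f, " ")        # f[2] holds the day count
                if (f[2] + 0 < limit + 0) print name, f[2]
            }
        }
    '
}

# Constructed sample of `certbot certificates` output (not real data).
sample_output() {
    cat <<'EOF'
Found the following certs:
  Certificate Name: example.com
    Domains: example.com www.example.com
    Expiry Date: 2030-03-01 10:00:00+00:00 (VALID: 59 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
  Certificate Name: example.com-0001
    Domains: beta.example.com
    Expiry Date: 2030-01-12 10:00:00+00:00 (VALID: 9 days)
  Certificate Name: old.example.com
    Domains: old.example.com
    Expiry Date: 2029-12-01 10:00:00+00:00 (INVALID: EXPIRED)
  Certificate Name: api.example.com
    Domains: api.example.com
    Expiry Date: 2030-01-03 15:00:00+00:00 (VALID: 5 hour(s))
EOF
}

# Demo on the constructed sample; on a real host use:
#   sudo certbot certificates | expiring_certs 30
sample_output | expiring_certs 30
```

Any output from a scheduled run means a certificate was not renewed in time and the renewal job or its challenge setup needs attention.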