# Let's Encrypt & Certbot

### Installation

##### Ubuntu

```
add-apt-repository ppa:certbot/certbot
apt-get update && apt-get install python-certbot
```

##### CentOS

```
yum install epel-release
yum install python-certbot certbot
```

### Certbot

<p class="callout warning">You must stop anything listening on port 443/80 before starting certbot in standalone mode, because it runs its own temporary web server</p>

```
certbot certonly --standalone  -d example.com
```

<p class="callout info">You can use the crt/privkey from this path</p>

```
ls /etc/letsencrypt/live/example.com
```

> cert.pem chain.pem fullchain.pem privkey.pem README

If you need a DH parameter file for your web.conf, you can generate one with:

```
openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
```

##### Renew crt

```
crontab -e
```

```
15 3 * * * /usr/bin/certbot renew --quiet
```

## Wildcard certbot dns plugin

Install the certbot DigitalOcean DNS plugin

```
apt install python3-pip
pip3 install certbot-dns-digitalocean
```

```
mkdir -p ~/.secrets/certbot/
vim ~/.secrets/certbot/digitalocean.ini
```

```
dns_digitalocean_token = XXXXXXXXXXXXXXX
```

Certbot config

```
certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d www.domain.com
```

```
crontab -e
```

```
15 3 * * * /usr/bin/certbot renew --quiet
```
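
The API token in `~/.secrets/certbot/digitalocean.ini` lets its holder edit DNS records, so the file and its directory should be readable by the owner only. The following check is an added example, not part of the original page or of certbot; the function names `go_bits`, `audit_cred_file` and `harden_cred_file` are hypothetical, and the default path is the one used above.

```shell
#!/bin/sh
# Added example: audit and lock down the certbot DNS credentials file.
# Default path is the one used on this page; function names are hypothetical.
CRED_DEFAULT="$HOME/.secrets/certbot/digitalocean.ini"

# Print the group+other permission bits of a path, e.g. "------" or "r--r--".
go_bits() {
    ls -ld "$1" | cut -c5-10
}

# Return 0 if the credentials file is safe to pass to certbot;
# otherwise print each finding and return 1.
audit_cred_file() {
    f="${1:-$CRED_DEFAULT}"
    rc=0
    # Refuse symlinks and anything that is not a regular file.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "FAIL: $f is missing, a symlink, or not a regular file"
        return 1
    fi
    if [ "$(go_bits "$f")" != "------" ]; then
        echo "FAIL: $f is accessible by group/other"
        rc=1
    fi
    d=$(dirname "$f")
    if [ "$(go_bits "$d")" != "------" ]; then
        echo "FAIL: directory $d is accessible by group/other"
        rc=1
    fi
    # The plugin reads the token from this key; an empty value is a finding.
    if ! grep -Eq '^[[:space:]]*dns_digitalocean_token[[:space:]]*=[[:space:]]*[^[:space:]]+' "$f"; then
        echo "FAIL: no dns_digitalocean_token entry in $f"
        rc=1
    fi
    return $rc
}

# Restrict the directory and the file to the owning user.
harden_cred_file() {
    f="${1:-$CRED_DEFAULT}"
    chmod 700 "$(dirname "$f")" && chmod 600 "$f"
}
```

Run `harden_cred_file` once after creating the file, and `audit_cred_file` before the cron renewal if you want the job to report a loosened permission.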