SSL Certbot
We know that using SSL (Secure Sockets Layer) certificates is very important for websites and online services. SSL certificates encrypt the communication between users and servers, protecting data from being eavesdropped or tampered with.
This chapter shows how to use the Certbot tool to apply for a free SSL certificate.
## What is Certbot?
Certbot is an open-source automation tool for obtaining and renewing free SSL/TLS certificates provided by Let's Encrypt.
Let's Encrypt is a certificate authority (CA) operated by the Internet Security Research Group (ISRG). It provides an automated process for generating and updating certificates, making it easy for website administrators to enable HTTPS encryption for their sites.
**The main features of Certbot include:**
* **Automation**: It can automatically verify domain ownership and apply for certificates.
* **Free**: It uses free certificates provided by Let's Encrypt.
* **Compatibility**: Supports multiple web servers such as Apache, Nginx, and more.
* **Ease of use**: Provides a command-line interface, making installation and usage simple.
* **Renewal**: Automatically handles certificate renewal to ensure the website's HTTPS connection remains valid.
Certificates issued by Let's Encrypt are valid for 90 days. Certbot will automatically configure certificate renewal tasks to ensure the certificates do not expire.
* * *
## Certbot Installation
### 1. Install Certbot on Ubuntu/Debian Systems
**Using APT to install:**
```bash
sudo apt update
sudo apt install certbot
```
After installation, Certbot is ready to use.
**Installing the Snap version:**
Snap is the officially recommended installation method for Certbot, especially for long-term support Ubuntu versions.
```bash
sudo snap install core
sudo snap refresh core
sudo snap install --classic certbot
sudo ln -s /snap/bin/certbot /usr/bin/certbot   # This step ensures the certbot command can be used globally
```
### 2. Install Certbot on CentOS/RHEL Systems
Install the EPEL repository (applicable to CentOS 7 and below):
```bash
sudo yum install epel-release
sudo yum install certbot
```
### 3. Install Certbot on macOS
On macOS, you can use Homebrew to install Certbot:
```bash
brew install certbot
```
For installation methods on other system platforms, see the Certbot website: [https://certbot.eff.org/](https://certbot.eff.org/)
After installation, use the following command to check the installed version of certbot:
```bash
certbot --version
```
* * *
## Certificate Application and Renewal
After installing Certbot, use the following command to apply for a certificate. Note that `*.` stands for your own domain name and must be replaced with it:
```bash
certbot certonly -d *. --manual --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory
```
After executing the above command, fill in the information:
```text
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices)
 (Enter 'c' to cancel): xxx@qq.com.   # Enter your email address here
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.4-April-3-2024.pdf. You must agree in
order to register with the ACME server. Do you agree?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   # Enter Y
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing, once your first certificate is successfully issued, to
share your email address with the Electronic Frontier Foundation, a founding
partner of the Let's Encrypt project and the non-profit organization that
develops Certbot? We'd like to send you email about our work encrypting the web,
EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y   # Enter Y
Account registered.
Requesting a certificate for *.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name:
xxxxxxx..   # Here you need to set up domain resolution, go to your domain backend to fill in the information, see the image below
with the following value:
aIwqY00CZtziVwr-xxxxxxxxxxxxxx   # This is the content of the domain resolution, see the image below
Before continuing, verify the TXT record has been deployed. Depending on the DNS
provider, this may take some time, from a few seconds to multiple minutes. You can
check if it has finished deploying with aid of online tools, such as the Google
Admin Toolbox:
for one or more bolded line(s) below the line ';ANSWER'. It should show the
value(s) you've just added.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue   # After setting up the domain resolution as shown in the image below, press Enter to generate it. Remember to complete the resolution settings first before pressing Enter.
```
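The prompt above asks you to verify the TXT record before pressing Enter. The following script is an added example (not part of the original page and not Certbot code) that does this check with `dig` against every authoritative nameserver of the zone, so a stale answer from a caching resolver cannot mislead you. The zone, record name and value in the usage line are placeholders for what Certbot prints.

```bash
#!/bin/sh
# Added example, not Certbot code. DIG is overridable so the logic can be
# exercised without network access.
DIG=${DIG:-dig}

# txt_has_value VALUE: read `dig +short TXT` output on stdin and succeed only
# if one record equals VALUE exactly (a name may carry several TXT records).
txt_has_value() {
    want=$1
    while IFS= read -r rec || [ -n "$rec" ]; do
        rec=${rec#\"}; rec=${rec%\"}    # dig prints TXT data in double quotes
        [ "$rec" = "$want" ] && return 0
    done
    return 1
}

# challenge_ready ZONE NAME VALUE: succeed only if every authoritative
# nameserver of ZONE already serves VALUE under NAME. Asking the authoritative
# servers directly avoids a stale answer from a caching resolver.
challenge_ready() {
    zone=$1 name=$2 value=$3
    servers=$($DIG +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records found for $zone" >&2; return 2; }
    for ns in $servers; do
        if ! $DIG +short TXT "$name" "@$ns" | txt_has_value "$value"; then
            echo "TXT value not yet served by $ns" >&2
            return 1
        fi
    done
    return 0
}

# Usage (placeholders): sh check-txt.sh example.com _acme-challenge.example.com VALUE
if [ "$#" -eq 3 ]; then
    tries=0
    until challenge_ready "$1" "$2" "$3"; do
        tries=$((tries + 1))
        [ "$tries" -lt 20 ] || { echo "giving up after $tries checks" >&2; exit 1; }
        sleep 15
    done
    echo "TXT record is live on all nameservers; press Enter in Certbot"
fi
```

Certificates obtained with `--manual` are not renewed unattended unless the DNS step is scripted through `--manual-auth-hook`, so this check has to be repeated at each renewal.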