Skip to main content

SSL Guide

Getting Started

For this tutorial Certbot will be used. Other open source clients which utilize Let's Encrypt as well however.

Certbot is a free, open source software tool for automatically using Let’s Encrypt certificates on manually-administrated websites to enable HTTPS.

Certbot is an interface with Let's Encrypt service, a CLI tool that can be used to generate and renew your certificates. With this example Canonical Ubuntu 20.04 will be used.

First you will want to run essential commands:

sudo apt update && upgrade
sudo apt install certbot

You can also look into installing either python3-certbot-apache or python3-certbot-nginx as well for automatic usage. The status of these plugins can be viewed using the command below:

certbot plugins

CLI Usage

Standalone mode will be the priority for this tutorial.

--manual: Specifies whether or not plugins will be used to make this automatic

--preferred-challenges: Can either be DNS or HTTP. DNS is the preferred option as for verification you will resort to adding a TXT record to your zone.

--d: Specifies the domain that will be used for renewal

sudo certbot certonly --manual --preferred-challenges dns -d \*.example.com

Note how the domain is wildcarded. This is particularly important for users who wish to maintain an active proxy service with many domains/subdomains.