
SSL Guide

Getting Started

For this tutorial, Certbot will be used. You can use other open-source clients that utilize Let's Encrypt if you wish.

Certbot is a free, open-source software tool for automatically using Let’s Encrypt certificates on manually administered websites to enable HTTPS.

Certbot is a CLI tool that interfaces with the Let's Encrypt service to generate and renew certificates. In this example, Canonical Ubuntu 20.04 will be used.

First, you will want to run some essential commands:

sudo apt update && sudo apt upgrade
sudo apt install certbot

You can also install either python3-certbot-apache or python3-certbot-nginx for automatic usage with those web servers. The status of these plugins can be viewed using the command below:

certbot plugins

CLI Usage

Standalone mode will be the priority for this tutorial.

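--manual: Obtains the certificate interactively; you complete the challenge by hand instead of having a plugin do it automatically

--preferred-challenges: Can be either dns or http. DNS is the preferred option: verification is done by adding a TXT record to your zone, and it is the only challenge type Let's Encrypt accepts for wildcard certificates.

-d: Specifies the domain the certificate is issued for (and later renewed for)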

sudo certbot certonly --manual --preferred-challenges dns -d \*.example.com

Note how the domain is wildcarded. This is particularly important for users who wish to maintain an active proxy service with many domains/subdomains.
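
Before confirming the manual DNS challenge in Certbot, it helps to check that the TXT record is actually visible. The script below is an added example, not part of the original guide or of Certbot; the function names acme_record_name and txt_published and the token values are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for the manual DNS challenge.

# Print the TXT record name Certbot asks for. A wildcard and its base
# domain share one name: *.example.com -> _acme-challenge.example.com
acme_record_name() {
    local domain="${1#\*.}"      # drop a leading "*." if present
    domain="${domain%.}"         # drop a trailing dot (FQDN form)
    printf '_acme-challenge.%s\n' "$domain"
}

# Read `dig +short TXT` output on stdin and succeed only if one of the
# returned values equals the expected token exactly (no prefix matches).
txt_published() {
    local expected="$1" line
    while IFS= read -r line || [ -n "$line" ]; do
        line="${line#\"}"        # dig wraps TXT data in double quotes
        line="${line%\"}"
        [ "$line" = "$expected" ] && return 0
    done
    return 1
}

# Constructed sample: what dig prints when two challenge values are
# published at the same name (e.g. wildcard plus base domain requested
# together). Both values must stay in the zone until validation ends.
SAMPLE_DIG_OUTPUT='"constructed-token-AAAA"
"constructed-token-BBBB"'

# Offline demo against the sample. Against live DNS you would run:
#   dig +short TXT "$(acme_record_name '*.example.com')" | txt_published "<value>"
if printf '%s\n' "$SAMPLE_DIG_OUTPUT" | txt_published 'constructed-token-BBBB'; then
    echo "TXT value visible at $(acme_record_name '*.example.com')"
fi
```

Querying your zone's authoritative name server directly (dig @<nameserver>) avoids stale answers from a caching resolver.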