Letsencrypt

From DWIKI

Free SSL certificates

 


HOWTO

Disable auto renewal

Rename the renewal file, for example to:

/etc/letsencrypt/renewal/example.com.conf.disabled

or in /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add:

autorenew = False

Update cert(s)

certbot

Remove certs/domain

certbot delete --cert-name www.example.com

or run

certbot delete

This might fail with 'Another instance of Certbot is already running.' In that case:

systemctl stop certbot

and remember to start it again if you need it

Restart service after renewal

In /etc/letsencrypt/renewal/example.com.conf under [renewalparams] add:

renew_hook = systemctl reload dovecot
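
An added example (not part of the original wiki page and not Certbot's own code): a small Python audit that reads a renewal directory and reports, per certificate, whether it will auto-renew and which renew_hook is set, covering the "Disable auto renewal" and "Restart service after renewal" settings above. The sample files are constructed; that a renamed file is skipped because it no longer ends in .conf, and the extra spellings accepted for a false value, are assumptions.

```python
import configparser
import tempfile
from pathlib import Path

# The page uses "False"; accepting the other spellings is an assumption.
FALSY = {"false", "no", "off", "0"}

def audit_renewal_dir(renewal_dir):
    """Return {name: {"state": ..., "renew_hook": ...}} for each file in renewal_dir."""
    report = {}
    for path in sorted(Path(renewal_dir).iterdir()):
        if not path.is_file():
            continue
        if path.suffix != ".conf":
            # e.g. example.com.conf.disabled: assumed to be ignored by renewal runs
            report[path.name] = {"state": "skipped (not *.conf)", "renew_hook": None}
            continue
        parser = configparser.ConfigParser(
            interpolation=None, strict=False, delimiters=("=",))
        # Renewal files begin with keys outside any section; wrap them in a dummy one.
        parser.read_string("[top]\n" + path.read_text())
        params = parser["renewalparams"] if parser.has_section("renewalparams") else {}
        disabled = params.get("autorenew", "true").strip().lower() in FALSY
        report[path.stem] = {
            "state": "autorenew disabled" if disabled else "renews automatically",
            "renew_hook": params.get("renew_hook"),
        }
    return report

def demo():
    """Write constructed sample renewal files to a temp dir and audit them."""
    base = ("cert = /etc/letsencrypt/live/{d}/cert.pem\n\n"
            "[renewalparams]\nauthenticator = apache\n")
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "example.com.conf").write_text(
            base.format(d="example.com") + "renew_hook = systemctl reload dovecot\n")
        (d / "example.org.conf").write_text(
            base.format(d="example.org") + "autorenew = False\n")
        (d / "example.net.conf.disabled").write_text(base.format(d="example.net"))
        return audit_renewal_dir(d)

if __name__ == "__main__":
    for name, info in demo().items():
        print(f"{name}: {info['state']}, renew_hook={info['renew_hook']}")
```

On a real host, call audit_renewal_dir("/etc/letsencrypt/renewal") as a user that can read that directory.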


With and without www

certbot --apache -d example.com -d www.example.com


Allow access to non-root user

setfacl -R -m u:someuser:rX /etc/letsencrypt/{live,archive}/example.org

and then

setfacl -m u:someuser:rX /etc/letsencrypt/{live,archive}

FAQ

Certbot Error messages

This website does not supply ownership information.

sod that


archive directory exists

Maybe you're using SNI, try

certbot --apache -d "www.example.com,example"


Failed to parse: https://acme-v02.api.letsencrypt.org/directory

Most likely your system is using an old urllib3, which relies on python3-six. On Ubuntu, switch to Certbot installed via snap.