Apache on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Nginx on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Haproxy on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Plesk on Web Hosting Service

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Apache on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Debian 7 (wheezy)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Debian 8 (jessie)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then do:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Debian testing/unstable

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Debian (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 16.10 (yakkety)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 16.10 (yakkety)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Ubuntu 16.10 (yakkety)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Ubuntu 16.10 (yakkety)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 16.10 (yakkety)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 16.04 (xenial)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-letsencrypt-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ letsencrypt --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ letsencrypt --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-letsencrypt-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ letsencrypt --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ letsencrypt --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 16.04 (xenial)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Ubuntu 16.04 (xenial)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Ubuntu 16.04 (xenial)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 16.04 (xenial)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install letsencrypt 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run --agree-tos
There's a bug in the version of Certbot on Ubuntu Xenial which may show a warning saying 'Registering without email!' even if you have previously given an email to Certbot. Don't worry if this happens, it will not affect your renewal. If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 14.04 (trusty)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 14.04 (trusty)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Ubuntu 14.04 (trusty)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Ubuntu 14.04 (trusty)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 14.04 (trusty)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Ubuntu (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Gentoo

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-apache

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-nginx

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Arch Linux

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Fedora 22

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Fedora 22

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Fedora 22

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Fedora 22

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Fedora 22

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Fedora 23+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install python-certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install python-certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Fedora 23+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Fedora 23+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Fedora 23+

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Fedora 23+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on CentOS 6

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on RHEL 6

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install python-certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install python-certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on CentOS/RHEL 7

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository.

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on FreeBSD

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on OpenBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on OpenBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on OpenBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on OpenBSD

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on OpenBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/letsencrypt/client && make install clean

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

letsencrypt renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Mac OS X

Automated Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ certbot --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Mac OS X

Automated Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Mac OS X

Automated Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Mac OS X

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Mac OS X

Automated Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for Mac OS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

certbot renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew --quiet 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ ./path/to/certbot-auto --apache

If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Experimental Nginx Plugin Support

There is a pre-alpha Nginx plugin that will automatically obtain and install certs. It is known to be buggy, so you should only use it after backing up your config and if you are comfortable fixing possible breakage. On some platforms there's a certbot-nginx or letsencrypt-nginx or python-certbot-nginx package you can install to get that plugin. If not, you can follow the developer instructions to run Certbot with Nginx support from git master.

Back to top

Haproxy on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Installing a cert in HAProxy


Digital Ocean

dapile

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Plesk on Other UNIX

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically. So you can just run:

$ ./certbot-auto

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

./path/to/certbot-auto renew --dry-run 
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --quiet --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Nginx on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Haproxy on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Plesk on Non-UNIX

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top