Apache on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Nginx on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Haproxy on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Plesk on Web Hosting Service

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Web Hosting Service

Automated Install

Automated Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Advanced Install

Advanced Get Started

If you have administrative shell access to your webserver and you're comfortable running commands on the command line, please select your server software and the operating system it is running from the dropdown menu above. If you don't have these privileges on your webserver or you're not familiar with command line server administration, Certbot probably isn't the best option to enable HTTPS on your site. Instead, you should check if your hosting provider has built-in Let's Encrypt support by contacting them or checking this list of supporting providers.

If your hosting provider doesn't provide built-in Let's Encrypt support, you should ask them to add it! Dozens of providers, with millions of customers, conveniently allow their users to obtain Let's Encrypt certificates automatically. Let's Encrypt works hard to make adding this support as easy possible and it is one of the easiest and best ways for users to increase the security of their websites.

Back to top

Apache on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Debian 7 (wheezy)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian 7 (wheezy)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Debian 8 (jessie)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian 8 (jessie)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to follow the instructions here to enable the Jessie backports repo, if you have not already done so. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian 9 (stretch)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian 9 (stretch)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Debian 9 (stretch)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Debian 9 (stretch)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian 9 (stretch)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Debian testing/unstable

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian testing/unstable

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Debian (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Debian (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 17.04 (zesty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 17.04 (zesty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Ubuntu 17.04 (zesty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Ubuntu 17.04 (zesty)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 17.04 (zesty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 16.10 (yakkety)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 16.10 (yakkety)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Ubuntu 16.10 (yakkety)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Ubuntu 16.10 (yakkety)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 16.10 (yakkety)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 16.04 (xenial)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 16.04 (xenial)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Ubuntu 16.04 (xenial)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Ubuntu 16.04 (xenial)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 16.04 (xenial)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu 14.04 (trusty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu 14.04 (trusty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install python-certbot-nginx 

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Ubuntu 14.04 (trusty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Ubuntu 14.04 (trusty)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu 14.04 (trusty)

Automated Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

On Ubuntu systems, the Certbot team maintains a PPA. Once you add it to your list of repositories all you'll need to do is apt-get the following packages.

$ sudo apt-get update
$ sudo apt-get install software-properties-common
$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Ubuntu (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Ubuntu (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-nginx

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot-nginx

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Gentoo

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Gentoo

Automated Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

The Certbot client is available in Gentoo Portage. (Run the package-management commands below with sudo if not running as root.)

$ emerge -av app-crypt/certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-nginx

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot-nginx

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Arch Linux

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Arch Linux

Automated Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install


Run these steps to install the Certbot client.

$ sudo pacman -S certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Fedora 24+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Fedora 24+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot-nginx

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot-nginx

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Fedora 24+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Fedora 24+

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Fedora 24+

Automated Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for your OS, so to install it simply run the following command:

$ sudo dnf install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on CentOS 6

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on CentOS 6

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on RHEL 6

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on RHEL 6

Automated Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Not all of Certbot's dependencies are available in the standard repositories. To use Certbot, you must first enable the EPEL (Extra Packages for Enterprise Linux) repository.

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot-apache

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot-apache

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot-nginx

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot-nginx

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on CentOS/RHEL 7

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on CentOS/RHEL 7

Automated Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged in EPEL (Extra Packages for Enterprise Linux). To use Certbot, you must first enable the EPEL repository and enable EPEL optional channel.

If you are using ec2 you can enable optional channel by running:

$ yum -y install yum-utils
$ yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional

After doing this, you can install Certbot by running:

$ sudo yum install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on FreeBSD

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on FreeBSD

Automated Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Port:

$ cd /usr/ports/security/py-certbot && make install clean

Package:

pkg install py27-certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on OpenBSD 5.9

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on OpenBSD 5.9

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on OpenBSD 5.9

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on OpenBSD 5.9

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on OpenBSD 5.9

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add letsencrypt

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo letsencrypt certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo letsencrypt certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo letsencrypt certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo letsencrypt renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
letsencrypt renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on OpenBSD 6.0+

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on OpenBSD 6.0+

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on OpenBSD 6.0+

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on OpenBSD 6.0+

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on OpenBSD 6.0+

Automated Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Run these steps to install the Certbot client.

Package:

pkg_add certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on OpenBSD (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on OpenBSD (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on OpenBSD (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on OpenBSD (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on OpenBSD (other)

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on macOS

Automated Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on macOS

Automated Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo certbot --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on macOS

Automated Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on macOS

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on macOS

Automated Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:

$ brew install certbot

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Devuan Jessie 1.0

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install python-certbot-apache -t jessie-backports

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Devuan Jessie 1.0

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Devuan Jessie 1.0

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Devuan Jessie 1.0

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Devuan Jessie 1.0

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

First you'll have to enable the Jessie backports repo by creating this file. Then run:

$ sudo apt-get install certbot -t jessie-backports

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Devuan (other)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install python-certbot-apache 

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo certbot --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo certbot --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Devuan (other)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Devuan (other)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Devuan (other)

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Devuan (other)

Automated Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since Certbot is packaged for your system, all you'll need to do is apt-get the following packages.

$ sudo apt-get install certbot 

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo certbot certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo certbot certonly --standalone -d example.com -d www.example.com

Automating renewal

The Certbot packages on your system come with a cron job that will renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo certbot renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
certbot renew 

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has a fairly solid beta-quality Apache plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --apache

Running this command will get a certificate for you and have Certbot edit your Apache configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Apache configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --apache certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Nginx on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot has an Nginx plugin, which is supported on many platforms, and automates both obtaining and installing certs:

$ sudo ./path/to/certbot-auto --nginx

Running this command will get a certificate for you and have Certbot edit your Nginx configuration automatically to serve it. If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, you can use the certonly subcommand:

$ sudo ./path/to/certbot-auto --nginx certonly
To learn more about how to use Certbot read our documentation.

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Haproxy on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet officially support automatic installation you should probably use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Installing a cert in HAProxy


Certificate installation with HAProxy is complicated; you probably want to follow one of these guides.

Digital Ocean's guide

or

Skarlso's guide

Or you might be interested in using the experimental third-party HAProxy plugin from Greenhost.

Back to top

Plesk on Other UNIX

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Other UNIX

Automated Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it installs all of its own dependencies and updates the client code automatically.

Automated Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Advanced Install

Install

Since it doesn't seem like your operating system has a packaged version of Certbot, you should use our certbot-auto script to get a copy:

wget https://dl.eff.org/certbot-auto
chmod a+x certbot-auto

certbot-auto accepts the same flags as certbot; it is a wrapper that installs all of its own dependencies and updates the client code automatically.

Advanced Get Started

Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.

Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.

$ sudo ./path/to/certbot-auto certonly

This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.

Alternatively, you can specify more information on the command line.

To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:

$ sudo ./path/to/certbot-auto certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is

This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.

To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:

$ sudo ./path/to/certbot-auto certonly --standalone -d example.com -d www.example.com

Automating renewal

Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:

$ sudo ./path/to/certbot-auto renew --dry-run
If that appears to be working correctly, you can arrange for automatic renewal by adding a cron or systemd job which runs the following:
./path/to/certbot-auto renew --no-self-upgrade

More detailed information and options about renewal can be found in the full documentation.

Back to top

Apache on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Nginx on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Haproxy on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top

Plesk on Non-UNIX

Automated Install

Automated Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Advanced Install

Advanced Get Started

For Plesk you won't even need to install Certbot. Instead, use the extension already available in Plesk — it will also give you automatic renewal of your certificates out-of-the-box as well! Read more about the extension here.

Back to top

None of the above on Non-UNIX

Automated Install

Automated Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Advanced Install

Advanced Get Started

Certbot is currently only available for UNIX-like operating systems. Although EFF's Certbot might not work for your use case, there are many other clients written by other organizations and developers that you may be able to use to obtain a certificate from Let's Encrypt.

Back to top