None of the above on macOS
Install
Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:
$ brew install certbot
Installing DNS plugins
Certbot's DNS plugins are not available for your OS yet. These plugins can be used to automate obtaining a wildcard certificate from Let's Encrypt's ACMEv2 server. This should change soon but if you don't want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.
Get Started
Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.
Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.
$ sudo certbot certonly
This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.
Alternatively, you can specify more information on the command line.
To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:
$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:
$ sudo certbot certonly --standalone -d example.com -d www.example.com
Automating renewal
Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$ sudo certbot renew --dry-runIf that appears to be working correctly, you can arrange for automatic renewal by adding a cron job or systemd timer which runs the following:
certbot renew
An example cron job might look like this, which will run at noon and midnight every day:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
More detailed information and options about renewal can be found in the full documentation.
Install
Certbot is packaged for macOS via Homebrew. We recommend that you follow the official instructions for installing Homebrew, and then run this command to get the certbot package:
$ brew install certbot
Installing DNS plugins
Certbot's DNS plugins are not available for your OS yet. These plugins can be used to automate obtaining a wildcard certificate from Let's Encrypt's ACMEv2 server. This should change soon but if you don't want to wait, you can use these plugins now by running Certbot in Docker instead of using the instructions on this page.
Get Started
Certbot supports a number of different “plugins” that can be used to obtain and/or install certificates.
Since your server architecture doesn't yet support automatic installation you'll have to use the certonly command to obtain your certificate.
$ sudo certbot certonly
This will allow you interactively select the plugin and options used to obtain your certificate. If you already have a webserver running, we recommend choosing the "webroot" plugin.
Alternatively, you can specify more information on the command line.
To obtain a cert using the "webroot" plugin, which can work with the webroot directory of any webserver software:
$ sudo certbot certonly --webroot -w /var/www/example -d example.com -d www.example.com -w /var/www/thing -d thing.is -d m.thing.is
This command will obtain a single cert for example.com, www.example.com, thing.is, and m.thing.is; it will place files below /var/www/example to prove control of the first two domains, and under /var/www/thing for the second pair.
To obtain a cert using a built-in “standalone” webserver (you may need to temporarily stop your existing webserver, if any) for example.com and www.example.com:
$ sudo certbot certonly --standalone -d example.com -d www.example.com
Automating renewal
Certbot can be configured to renew your certificates automatically before they expire. Since Let's Encrypt certificates last for 90 days, it's highly advisable to take advantage of this feature. You can test automatic renewal for your certificates by running this command:
$ sudo certbot renew --dry-runIf that appears to be working correctly, you can arrange for automatic renewal by adding a cron job or systemd timer which runs the following:
certbot renew
An example cron job might look like this, which will run at noon and midnight every day:
0 0,12 * * * python -c 'import random; import time; time.sleep(random.random() * 3600)' && certbot renew
More detailed information and options about renewal can be found in the full documentation.