DONG Yuxuan @ May 27, 2020 Asia/Shanghai
% sudo apt-get update % sudo apt-get install software-properties-common % sudo add-apt-repository universe % sudo add-apt-repository ppa:certbot/certbot % sudo apt-get update
% sudo apt-get install certbot python3-certbot-apache
Ensure you already have a functional HTTP site (virtualhost).
We have two choices to get a certification.
sudo certbort certonly --apache can get a certification for you; You run it and it will ask you some information including the domain you want to use, your email for nitifications, etc.;
sudo certbort --apache can get a certification and create an HTTPS apache virtualhost for you; Except asking you about the domain and email, it also asks whether you want it to change the original HTTP virtualhost to forward requests to the new HTTPS site for you.
The second command will modify your Apache config files.
Thus the programmer of
certbot is not the god, I personally think it will be dangerous.
The first command is recommended by me.
After getting the certification, y could edit Apache config files yourself. I wrote a tutorial about it.
After getting a certification using
certbot will use crontab or systemd to periodically renew the certification.
You could also renew certifications manually.
You can call
cerbot renew to renew all the certifications installed on the machine or call
certbot --cert-name CERTNAME to renew a specific one.
In some cases you may want to remove a certification. For example, the private key is leaked or you want to migrate to a new server.
According to the official document, to revoke a certification is completed by the following.
% certbot revoke [--cert-path path | --cert-name name] % certbot delete --cert-name CERTNAME
If you don’t use delete to remove the certificate completely, it will be renewed automatically at the next renewal event.
However, in my practise
cerbot revoke will ask whether you want to delete. If you said yes to
cerbot revoke it will delete them for you thus you don’t need to call