I was trying to create Let’s Encrypt certificate using certbot for my sub-domain and had the following issue. Command: ubuntu@localhost:~$ certbot –nginx -d my_subdomain.website.com -d my_subdomain2.website.com Issue: The requested Nginx plugin does not appear to be installed Solution: Ubuntu 20+ ubuntu@localhost:~$ sudo apt-get install python3-certbot-nginx Earlier Versions ubuntu@localhost:~$ sudo apt-get install python-certbot-nginx
I’m the author of Greenlock, a certbot-compatible Let’s Encrypt v2 client, so I’ve had to learn the ins and outs of all these things as well. Hopefully this helps: KEY privkey.pem is the “key” file Sometimes it is improperly named as cert.key or example.com.key. CRT fullchain.pem is your “crt” file. Sometimes it is improperly named … Read more
I wrote 2 blog posts about Let’s Encrypt and Spring Boot. Issuing a certificate. Spring Boot Application Secured by Let’s Encrypt Certificate Renewing a certificate. Let’s Encrypt Certificate Renewal: for Spring Boot In a nutshell, steps are as follows: Pulling the Let’s Encrypt client (certbot). Generating a certificate for your domain (e.g. example.com) ./certbot-auto certonly … Read more
You can run certbot ‘silently’ by adding the following options: –non-interactive –agree-tos -m webmaster@example.com The full list of config options is available here: https://certbot.eff.org/docs/using.html
You just need to stop all running servers like Apache, nginx or OpenShift before doing this. Stop Nginx sudo systemctl stop nginx Stop Apache2 sudo systemctl stop apache2
On my Ubuntu 16.04.6 LTS (Xenial Xerus) machine, the solution was to remove the DST Root CA X3 certificate by running the following two commands: sudo rm /usr/share/ca-certificates/mozilla/DST_Root_CA_X3.crt sudo update-ca-certificates On my Mac OS X 10.13.6 (High Sierra) machine, cURL (and therefore Git) rely on the /etc/ssl/cert.pem file for root CA verification. The solution was … Read more
Renew a single certificate using renew with the –cert-name option. (certonly creates a certificate for one or more domains, replacing it if exists). Example certbot renew –cert-name domain1.com –dry-run Remove –dry-run to actually renew. Cert-name != Domain name Note that the value supplied to –cert-name option is a certificate name (not a domain name) found … Read more
[Update 2016-06-08: According to https://bugs.openjdk.java.net/browse/JDK-8154757 the IdenTrust CA will be included in Oracle Java 8u101.] [Update 2016-08-05: Java 8u101 has been released and does indeed include the IdenTrust CA: release notes] Does Java support Let’s Encrypt certificates? Yes. The Let’s Encrypt certificate is just a regular public key certificate. Java supports it (according to Let’s … Read more
You need to specify all of the names, including those already registered. I used the following command originally to register some certificates: /opt/certbot/certbot-auto certonly –webroot –agree-tos -w /srv/www/letsencrypt/ \ –email me@example.com \ –expand -d example.com,www.example.com … and just now I successfully used the following command to expand my registration to include a new subdomain as … Read more