Oct 04, 2019, 02:14 PM
Certbot instructions
To use Certbot, you'll need...
comfort with the command line
Command Line
A command line is a way of interacting with a computer by typing text-based commands to it and receiving text-based replies. Certbot is run from a command-line interface, usually on a Unix-like server. In order to use Certbot for most purposes, you’ll need to be able to install and run it on the command line of your web server, which is usually accessed over SSH.

From our Certbot Glossary
...and an HTTP website
HTTP
HTTP (Hypertext Transfer Protocol) is the traditional, but insecure, method for web browsers to request the content of web pages and other online resources from web servers. It is an Internet standard and normally used with TCP port 80. Almost all websites in the world support HTTP, but websites that have been configured with Certbot or some other method of setting up HTTPS may automatically redirect users from the HTTP version of the site to the HTTPS version.

that is already online
Website That’s Already Online
Certbot is usually meant to be used to switch an existing HTTP site to work in HTTPS (and, afterward, to continue renewing the site’s HTTPS certificates whenever necessary). Some Certbot documentation assumes or recommends that you have a working web site that can already be accessed using HTTP on port 80. That means, for example, that if you use a web browser to go to your domain using http://, your web server answers and some kind of content comes up (even if it’s just a default welcome page rather than the final version of your site). Some methods of using Certbot have this as a prerequisite, so you’ll have a smoother experience if you already have a site set up with HTTP. (If your site can’t be accessed this way as a matter of policy, you’ll probably need to use DNS validation in order to get a certificate with Certbot.)

with an open port 80
Port 80
Different Internet services are distinguished by using different TCP port numbers. Unencrypted HTTP normally uses TCP port 80, while encrypted HTTPS normally uses TCP port 443. To use certbot --webroot, certbot --apache, or certbot --nginx, you should have an existing HTTP website that’s already online hosted on the server where you’re going to use Certbot. This site should be available to the rest of the Internet on port 80. To use certbot --standalone, you don’t need an existing site, but you have to make sure connections to port 80 on your server are not blocked by a firewall, including a firewall that may be run by your Internet service provider or web hosting provider. Please check with your ISP or hosting provider if you’re not sure. (Using DNS validation does not require Let’s Encrypt to make any inbound connection to your server, so with this method in particular it’s not necessary to have an existing HTTP website or the ability to receive connections on port 80.)

...which is hosted on a server
Server
A server is a computer on the Internet that provides a service, like a web site or an email service. Most web site owners pay a hosting provider for the use of a server located in a data center and administered over the Internet. This might be a physical dedicated server, a virtual private server (VPS), or a shared server. Other servers provide other parts of the Internet infrastructure, such as DNS servers.

which you can access via SSH
SSH
SSH (which stands for “secure shell”) is a technology for connecting to a remote server and accessing a command line on that server, often in order to administer it. The administrator of a server can grant SSH access to others, and can also use SSH access directly in order to administer the server remotely. SSH is usually used to access servers running Unix-like operating systems, but your own computer doesn’t have to be running Unix in order to use SSH. You normally use SSH from your computer’s command line in a terminal by typing a command such as ssh username@example.com, especially if your own computer runs Linux or macOS. After logging in, you’ll have access to the server’s command line. If you use Windows on your computer, you might also use a dedicated SSH application such as PuTTY. Most Certbot users run Certbot from a command prompt on a remote server over SSH.

with the ability to sudo
sudo
Sudo is the most common command on Unix-like operating systems to run a specific command as root (the system administrator). If you’re logged in to your server as a user other than root, you’ll likely need to put sudo before your Certbot commands so that they run as root (for example, sudo certbot instead of just certbot), especially if you’re using Certbot’s integration with a web server like Apache or Nginx. (The certbot-auto script automatically runs sudo if it’s necessary and you didn’t specify it.)

optional if you want a wildcard cert
Wildcard Certificate
A wildcard certificate is a certificate that covers one or more names starting with *. and that will be accepted by a web browser for any subdomain name with any single label in place of the * character. For example, a certificate for *.example.com will be valid for www.example.com, mail.example.com, hello.example.com, or goodbye.example.com, but not for example.com itself, and not for a deeper name such as a.b.example.com (the * stands for exactly one label).
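To make that matching rule concrete, here is an added example that is not part of the Certbot page or the Certbot code base. It applies the rule the way browsers do: the wildcard is only honoured when it is the entire leftmost label, it stands for exactly one label, and comparison is case-insensitive. The host names are the page's own illustrations; the SAN list in the script is constructed for the demonstration.

```python
"""Hostname matching against certificate names, as a browser applies it.

Added example, not Certbot code. Implements the rule that a wildcard is only
honoured as the entire leftmost label and stands for exactly one label.
"""


def name_matches(cert_name: str, hostname: str) -> bool:
    """Return True if cert_name (a SAN entry, possibly a wildcard) covers hostname."""
    cert_name = cert_name.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if not cert_name.startswith("*."):
        # No wildcard, or a partial one like "w*.example.com" that browsers
        # do not honour: only an exact match counts.
        return cert_name == hostname
    suffix = cert_name[1:]  # "*.example.com" -> ".example.com"
    if not hostname.endswith(suffix):
        return False
    label = hostname[: -len(suffix)]
    # The '*' must be replaced by exactly one non-empty label: "example.com"
    # (zero labels) and "a.b.example.com" (two labels) are both rejected.
    return bool(label) and "." not in label and "*" not in label


def covering_names(cert_names, hostname: str):
    """All names in a certificate's SAN list that cover hostname (empty if none)."""
    return [n for n in cert_names if name_matches(n, hostname)]


def is_covered(cert_names, hostname: str) -> bool:
    """True if at least one SAN entry covers hostname."""
    return bool(covering_names(cert_names, hostname))


if __name__ == "__main__":
    # Constructed SAN list: a wildcard on its own does not cover the apex,
    # so a site that serves both needs both names in the certificate.
    san = ["*.example.com"]
    for host in ["www.example.com", "mail.example.com", "example.com", "a.b.example.com"]:
        state = "covered" if is_covered(san, host) else "NOT covered"
        print(f"{host:20} {state} by {san}")
```

Because the wildcard never covers the apex, a site that serves both example.com and its subdomains requests both names in one certificate (certbot -d example.com -d '*.example.com'), and, as the requirements above note, the wildcard part needs DNS validation.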

DNS credentials
DNS Credentials
DNS credentials are a password or other kind of secret (such as an API key) that your DNS provider lets you use to change the contents of your DNS records. They are usually issued by your domain registrar (or by another DNS provider, if your DNS provider isn’t the same as your registrar). DNS credentials are a sensitive kind of secret because they can be used to take over your site completely. You should never share these credentials publicly or with an unauthorized person. It can be OK to provide a copy of them to Certbot to let it perform DNS validation automatically, since it runs locally on your machine. If you do, keep the credentials file readable only by its owner (mode 0600, which is what Certbot’s DNS plugins expect), and where your provider allows it, use a token limited to editing the records of that one zone rather than your full account password.
Don't have these requirements?
Not to worry! Some hosting providers automate the HTTPS process. See the full list of hosting providers, or find out more about how to set up your system.

Nginx on Ubuntu 18.04 LTS (bionic)
SSH into the server
SSH into the server running your HTTP website as a user with sudo privileges.

Add Certbot PPA
You'll need to add the Certbot PPA to your list of repositories. To do so, run the following commands on the command line on the machine:

sudo apt-get update
sudo apt-get install software-properties-common
sudo add-apt-repository universe
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get update
Install Certbot
Run this command on the command line on the machine to install Certbot.

sudo apt-get install certbot python-certbot-nginx
Choose how you'd like to run Certbot
Either get and install your certificates...
Run this command to get a certificate and have Certbot edit your Nginx configuration automatically to serve it, turning on HTTPS access in a single step.

sudo certbot --nginx
Or, just get a certificate
If you're feeling more conservative and would like to make the changes to your Nginx configuration by hand, run this command.

sudo certbot certonly --nginx
Test automatic renewal
The Certbot packages on your system come with a cron job or systemd timer that will renew your certificates automatically before they expire. You will not need to run Certbot again, unless you change your configuration. You can test automatic renewal for your certificates by running this command:

sudo certbot renew --dry-run
The command that renews your certificates is installed in one of the following locations:

/etc/crontab
/etc/cron.*/*
a systemd timer, listed by systemctl list-timers
Confirm that Certbot worked
To confirm that your site is set up properly, visit https://yourwebsite.com/ in your browser and look for the lock icon in the URL bar. If you want to check that you have the top-of-the-line installation, you can head to https://www.ssllabs.com/ssltest/.
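Beyond the lock icon, a scriptable check is useful both here and for the "Test automatic renewal" step above. The following is an added example, not code from the Certbot project: it connects with full chain and hostname verification using Python's standard library, reports how long the leaf certificate has left, and flags whether it is already inside Certbot's default 30-day renewal window (renew_before_expiry), which is the sign that the renewal timer has stopped doing its job. The host name yourwebsite.com is the page's placeholder, and the date arithmetic is kept separate from the network call so it can be exercised without a live site.

```python
"""Post-install check for an HTTPS site: verify the chain and report expiry.

Added example, not Certbot code. Uses only the standard library.
"""
import socket
import ssl
import sys
import time

# Certbot renews a certificate once it is within this many days of expiry
# (the renew_before_expiry default). A site whose certificate is inside this
# window and stays there has a broken renewal cron job or timer.
RENEW_BEFORE_DAYS = 30


def not_after_epoch(not_after: str) -> int:
    """Parse the notAfter string from getpeercert(), e.g. 'Jan  2 15:04:05 2020 GMT'."""
    return ssl.cert_time_to_seconds(not_after)


def days_left(not_after: str, now_epoch: float) -> int:
    """Whole days until expiry at time now_epoch; negative once expired."""
    return int((not_after_epoch(not_after) - now_epoch) // 86400)


def in_renewal_window(not_after: str, now_epoch: float) -> bool:
    """True if Certbot's renew job should already be replacing this certificate."""
    return days_left(not_after, now_epoch) <= RENEW_BEFORE_DAYS


def fetch_not_after(host: str, port: int = 443) -> str:
    """Connect to host:port with full verification (chain and hostname) and
    return the leaf certificate's notAfter. A chain that does not validate
    raises ssl.SSLCertVerificationError, which is exactly the failure to see."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


def report(host: str, now_epoch=None) -> str:
    """One-line status, e.g. 'yourwebsite.com: valid, expires 2020-01-02 (60 days left)'."""
    now_epoch = time.time() if now_epoch is None else now_epoch
    not_after = fetch_not_after(host)
    left = days_left(not_after, now_epoch)
    when = time.strftime("%Y-%m-%d", time.gmtime(not_after_epoch(not_after)))
    if in_renewal_window(not_after, now_epoch):
        state = "INSIDE RENEWAL WINDOW, check the renew timer"
    else:
        state = "valid"
    return f"{host}: {state}, expires {when} ({left} days left)"


if __name__ == "__main__":
    # Usage: python3 check_https.py yourwebsite.com
    target = sys.argv[1] if len(sys.argv) > 1 else "yourwebsite.com"
    try:
        print(report(target))
    except ssl.SSLCertVerificationError as exc:
        print(f"{target}: certificate does NOT validate: {exc.verify_message}")
        sys.exit(1)
```

Run it once right after certbot --nginx to confirm the chain validates from outside, then again a few weeks later: a Let's Encrypt certificate that reports fewer than 30 days left means the dry run passed but the scheduled renewal is not actually running.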