Let's Encrypt is a Certification Authority (CA) that issues the certificates required to enable HTTPS for a website/webserver. Let's Encrypt will issue such a certificate to anyone who demonstrates control over the server where the webserver runs.
Let’s Encrypt is a joint project of EFF, Mozilla and many other sponsors.
Certbot
Certbot is the ACME client (see RFC 8555) recommended by Let's Encrypt (a list of other client implementations is here).
Certbot fetches a certificate from Let's Encrypt. Generated keys and fetched certificates are stored under /etc/letsencrypt/live/$domain ($domain = certificate name).
Certbot is meant to be run on the machine where the webserver is hosted.
If Certbot is run with root privileges, it is able to automatically configure TLS/SSL for Apache and nginx.
Most modern Linux distributions (basically any that use systemd) can install Certbot packaged as a snap.
Some commands:
- certbot (or certbot run): Obtain and install a certificate.
- certbot certonly: Obtain a certificate without installing it.
- certbot --nginx: Use nginx plugin?
- certbot certificates: Show a list of all certificates that certbot knows about.
- certbot --version (useful when asking questions in the community forum)
Log file: /var/log/letsencrypt.
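An added example, not part of the original page and not Certbot's own code: a shell function that audits one directory under /etc/letsencrypt/live for missing files, a private key accessible beyond its owner, and a certificate close to expiry. The function names, the owner-only key policy, the 30-day default and the four file names (which Certbot writes there but this page does not list) are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit one certificate directory under /etc/letsencrypt/live.
# Assumed layout: cert.pem, chain.pem, fullchain.pem and privkey.pem inside it.

# key_perms_ok FILE: succeed only if FILE has no group/other permission bits.
# ls -L follows a symlink, so the mode reported is that of the real key file.
key_perms_ok() {
    bits=$(ls -ldL "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# cert_valid_for FILE DAYS: succeed only if the certificate in FILE is still
# valid DAYS days from now (openssl x509 -checkend takes seconds).
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$(($2 * 86400))" >/dev/null 2>&1
}

# audit_lineage DIR [DAYS]: print one finding per line, return 1 if any.
audit_lineage() {
    dir=${1%/}
    days=${2:-30}
    rc=0
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        if [ ! -e "$dir/$f" ]; then
            echo "MISSING $dir/$f"
            rc=1
        fi
    done
    if [ -e "$dir/privkey.pem" ] && ! key_perms_ok "$dir/privkey.pem"; then
        echo "KEY_PERMS $dir/privkey.pem is accessible to group or others"
        rc=1
    fi
    if [ -e "$dir/cert.pem" ] && ! cert_valid_for "$dir/cert.pem" "$days"; then
        echo "EXPIRY $dir/cert.pem is unreadable or expires within $days days"
        rc=1
    fi
    return "$rc"
}

# Example call (as root, so the key is readable; example.org is a placeholder):
#   audit_lineage /etc/letsencrypt/live/example.org 30
```

A non-zero return together with the printed findings makes the function usable from a cron job or monitoring check.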