Search notes:

Let's Encrypt

Let's Encrypt is a Certification Authority (CA) which issues certificates that are required to enable HTTPS for a website/webserver. Let's Encrypt will issue such a certificate to everyone who demonstrates to have control over the server where the webserver runs.
Let’s Encrypt is a joint project of EFF, Mozilla and many other sponsors.

Certbot

Certbot is the ACME client (see RFC 8555) recommended by Let's Encrypt (a list of other client implementations is here).
Certbot fetches a certificate from Let's Encrypt. Generated keys and fetched certficates are stored under /etc/letsencrypt/live/$domain ($domain = certificate name),hw
Certbot is meant to be run on the machine where the webserver is hosted.
If Certbot is run with root privileges, it is able to automatically configure TLS/SSL for Apache and nginx.
Most modern Linux distributions (basically any that use systemd) can install Certbot packaged as a snap.
Some commands:
Log file: /var/log/letsencrypt.

nginx-confgen

$ apt show python3-certbot-nginx 2>/dev/null | grep Description
Description: Nginx plugin for Certbot

See also

The Python library certbot
RFC 8555
The deb package certbot

Links

Ask questions on the Let's Encrypt Community Forum
github repository certbot

Index