Certbot: Difference between revisions
imported>Onny mNo edit summary |
imported>Onny Adding instructions on DNS challenge plugins |
Line 10: | Line 10: | ||
== Usage == | == Usage == | ||
Generated certificates and keys by using the commands below will be stored as <code>/etc/letsencrypt/live/example.org/fullchain.pem</code> and <code>/etc/letsencrypt/live/example.org/privkey.pem</code>. | |||
To make the keys readable by a third party user or application, you could set custom ACL permissions. In this example we grant the user <code>maddy</code> read permissions for the certificate folder: | |||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# | # sudo setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive} | ||
</syntaxhighlight> | </syntaxhighlight> | ||
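Review bot: The added `setfacl -R -m u:maddy:rX /etc/letsencrypt/{live,archive}` line only modifies the ACL of files and directories that exist when it runs, and the paragraph above it does not say whether the grant survives a renewal that writes new key and certificate files under `archive/`. State this, and suggest re-applying the ACL from a renewal hook such as `--deploy-hook` if it does not. The text should also make clear that the grant covers the private keys of every certificate under both directories, not only `example.org`. The root `#` prompt combined with `sudo` is redundant, so drop one of the two.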
=== Manual DNS challenge === | |||
The following command will generate a SSL certificate key pair for the domain <code>example.org</code> using the DNS authentication mechanism. After running this command, you'll get asked by the script to paste a specific key into your DNS records for <code>example.org</code>. | |||
<syntaxhighlight lang="console"> | <syntaxhighlight lang="console"> | ||
# | # certbot certonly --manual --preferred-challenges dns -d example.org --register-unsafely-without-email --agree-tos | ||
</syntaxhighlight> | </syntaxhighlight> | ||
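Review bot: The added `certbot certonly --manual --preferred-challenges dns` line passes `--register-unsafely-without-email` with no explanation in the surrounding text. Say that it registers the ACME account without a contact address, or show `--email` as the alternative. The introductory sentence is also imprecise: "SSL certificate key pair" and "paste a specific key into your DNS records" would be clearer as a statement that Certbot prints a TXT record value to publish at `_acme-challenge.example.org`. It is also worth adding that a certificate obtained with `--manual` is not renewed unattended unless an authentication hook (`--manual-auth-hook`) is supplied, since the section otherwise reads as a complete setup.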
=== DNS challenge using a plugin === |