Certbot installieren

sudo apt install certbot

Domain registrieren

sudo certbot certonly --standalone -d [domain] -d [domain]

Wildcard

sudo certbot --server https://acme-v02.api.letsencrypt.org/directory -d *.[domain] -d [domain] --manual --preferred-challenges dns-01 certonly

Dabei muss das angegebene "DNS TXT record" beim Provider eingerichtet werden.

Please deploy a DNS TXT record under the name
_acme-challenge.[domain] with the following value:

[dns-txt-record-value]

Before continuing, verify the record is deployed.

Nginx einrichten

server {
    listen 80;
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/[domain]/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/[domain]/privkey.pem;
    ssl_protocols TLSv1.3;
    
    server_name [domain]
    
    ...

Renew

sudo certbot renew --force-renewal

Renew Wildcard

sudo certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns-01 --server https://acme-v02.api.letsencrypt.org/directory -d *.[domain] -d [domain]

Auch hier muss das angegebene "DNS TXT record" beim Provider eingerichtet werden.

Please deploy a DNS TXT record under the name
_acme-challenge.[domain] with the following value:

[dns-txt-record-value]

Before continuing, verify the record is deployed.

Zertifikate auflisten

sudo certbot certificates

Zertifikate löschen

sudo certbot delete --cert-name [cert-name]