webserver/certbot-ubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
certbot-ubuntu/README.md
allan e9fb0df269 initial commit
2025-10-23 15:48:47 +02:00

139 lines
4.4 KiB
Markdown
Raw Permalink Blame History

# Certbot for Ubuntu 24.04 Server
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![Certbot](https://img.shields.io/badge/certbot-cloudflare_dns-2AABEE)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)
Automated Bash installer script for deploying **Certbot** with **Cloudflare DNS challenge** support on Ubuntu 24.04.
> **NOTE**
> Although commonly used for web servers such as Nginx or Apache, this script works with any service that requires TLS certificates.
### Prerequisites
A Cloudflare API key with **Zone:DNS:Edit** permission for the zone you need a certificate for. See the article [here](https://certbot-dns-cloudflare.readthedocs.io/en/stable/) for detailed information.
### Preparing
Update your package index before running the installer:
```
sudo apt update -y
```
### Download the Script
Clone the repository from your Git server:
```
git clone https://git.x-files.dk/webserver/certbot-ubuntu.git
```
```
cd certbot-ubuntu
```
### Usage
Run the script using:
```
sudo ./certbotinstall [-p] <Cloudflare API Key>
```
### Example
```
sudo ./certbotinstall -p 1234567890abcdef1234567
```
### Post-install
Nothing to do.
### Examples
### Creating a new certificate with Nginx hook
```
sudo certbot certonly -d example.com -d www.example.com -d sub1.example.com -d sub2.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
```
### Creating a wildcard certificate with Nginx hook
```
sudo certbot certonly -d *.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini --post-hook "service nginx reload" --non-interactive --agree-tos --email email@example.com --dns-cloudflare-propagation-seconds 30
```
### Delete a certificate
List all certificates:
```bash
sudo certbot certificates
```
Example output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 4fac2132bca56b1ce808116378450ed5197
Key Type: RSA
Domains: example.com sub1.example.com sub2.example.com sub3.example.com
Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
Delete `example.com`:
```
sudo certbot delete --cert-name example.com
```
### Adding a subdomain or domain to a certificate
To add a subdomain, expand the current certificate with the new subdomain. This means including all the existing domains, then expanding with the new subdomain.
Example (adding sub1.example.com):
```
sudo certbot certonly --expand -d example.com -d www.example.com -d sub1.example.com --dns-cloudflare --dns-cloudflare-credentials /etc/letsencrypt/dnscloudflare.ini
```
> **NOTE**
> Best practice is to delete the current certificate and request a new one with all domains and subdomains.
### Modify a certificate
List all certificates:
```
sudo certbot certificates
```
Example output:
```
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Serial Number: 4fac2132bca56b1ce808116378450ed5197
Key Type: RSA
Domains: example.com sub1.example.com sub2.example.com sub3.example.com
Expiry Date: 2022-05-05 08:24:14+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
```
To remove `sub2.example.com`, run:
```
sudo certbot --cert-name example.com -d example.com -d sub1.example.com -d sub3.example.com
```
This will reissue the certificate for example.com, sub1.example.com, and sub3.example.com, leaving out sub2.example.com.
---
### More Information
More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)
---
### License
Licensed under the [MIT License](./LICENSE).
---
Reference in New Issue View Git Blame Copy Permalink