diff --git a/Web Servers & Reverse Proxies/CertBot/temp.md b/Web Servers & Reverse Proxies/CertBot/temp.md new file mode 100644 index 0000000..9000c1c --- /dev/null +++ b/Web Servers & Reverse Proxies/CertBot/temp.md 
@@ -0,0 +1,94 @@ +# πŸ” Certbot – SSL Certificate Management Guide + +## πŸ“¦ Install Certbot + +```bash +apt install certbot +``` + +Installs **Certbot**, the free tool to automatically obtain and manage SSL/TLS certificates from **Let's Encrypt**. + +--- + +## πŸ–₯️ Method 1 – Standalone Mode + +```bash +certbot certonly --standalone -d www.example.com +``` + +πŸ’‘ **Standalone mode** runs its own temporary web server to complete the verification. + +* Use when no web server (Apache/Nginx) is running on the same port. +* Certificates will be saved in: + + * All versions: `/etc/letsencrypt/archive/` + * Latest version (symlink): `/etc/letsencrypt/live/` + +--- + +## 🌐 Method 2 – Webroot Mode + +```bash +certbot certonly --webroot --webroot-path -d +``` + +πŸ“Œ **Webroot mode** places a verification file in your website's public directory. + +* `` = your website's document root (e.g., `/var/www/html`) +* Use when your site is already running and accessible. + +--- + +## πŸ› οΈ Method 3 – Manual DNS Challenge + +```bash +certbot certonly --manual --preferred-challenges dns -d +``` + +πŸ”Ή **DNS mode** requires you to manually add a TXT record to your domain’s DNS. + +* Best for **wildcard** certificates (`*.example.com`) +* Works even without a running web server. + +--- + +## ♻️ Renew Certificates + +### Automatic Renewal + +```bash +certbot renew +``` + +* Renews all certificates close to expiration. + +### Force Renewal + +```bash +certbot renew --force-renewal +``` + +* Renews certificates **immediately**, even if not expiring soon. + +--- + +## πŸ“… Tips + +* Certificates expire every **90 days** β€” always set up **auto-renew**. +* Test renewal without changes: + +```bash +certbot renew --dry-run +``` + +* Restart your web server after renewal to apply new certificates: + +```bash +systemctl restart nginx +# or +systemctl restart apache2 +``` + +--- + +✨ **With Certbot, your HTTPS setup can be fast, free, and automatic!** πŸ”’πŸš€
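Review bot: The Method 2 and Method 3 commands are not runnable as written: `certbot certonly --webroot --webroot-path -d` and `certbot certonly --manual --preferred-challenges dns -d` have no value after `--webroot-path` or `-d`, and the first bullet under Method 2 opens with an empty code span where the placeholder name should be. It looks like angle-bracket placeholders were dropped; write them in a form that survives rendering, for example `--webroot-path /var/www/html -d www.example.com`, as Method 1 already does. The same applies to the `/etc/letsencrypt/archive/` and `/etc/letsencrypt/live/` paths, since certbot stores the files in a per-certificate subdirectory below them. Under "Automatic Renewal", `certbot renew` is a one-off manual run, so the guide never shows how the auto-renew that Tips asks for is scheduled; either rename the heading or document the timer or cron entry. Method 3 should also say that certificates issued with `--manual` are not renewed by a plain `certbot renew` unless an authentication hook is configured, otherwise the "Renews all certificates" bullet misleads wildcard users. For the restart step, consider `certbot renew --deploy-hook "systemctl reload nginx"` so the web server is only touched when a certificate actually changed, and a reload avoids dropping connections. Finally, `temp.md` reads like a placeholder filename for a new guide.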