Permalink
Switch branches/tags
0.10.x 0.11.x 0.12.x 0.13.x 0.14.x 0.15.x 0.16.x 0.17.x 0.18.x 0.19.x 0.20.x 0.20.0-changelog 0.21.x 0.22.x 0.23.x 0.24.x 0.25.x 0.26.x 0.27.x 0.28.x 0.29.x 1342 1824 2175-broken-wheel-dependencies 2558-test-fix ENOMEM a-chall-dir accept-language acme-v2-integration acme-v2 acmedns_wip actually-file-update-apache add-code-of-conduct-1 add_case_testcase aggressively-dont-suggest-nginx-default ahaw021-windows all_exceptions allow-py37-testing also-mod-https-nginx always-save-server amazonlinux apache-portability apache-test apache_acmev2 apache_override apache_restart apache22-hack are-builds-working attempting-to-parse auto-order auto-path2 autodeploy autogenerate autohsts-handle-renewal-failures beta-program birdsarah/template_out_phases bleeding-edge-docs bmw-apache-http-01-2 bmw-apache-http-01 bmw-nginx-help bmw-nginx-safeint bmw_multiple_vhosts branch-candidate-0.29.1 break-lockstep bye-validator candidate-0.9.0 candidate-0.11.1-2 candidate-0.11.1 cert_manager certbot-dir certonly challenges-docs changelog-0.27.1 changelog_cleanup cloudflare-packaging contributing-common correct_selection dashaxiong-json-certificate-output dbm_test ddns_auth debian default_prefix detect-acme-version detect_defaults dev-warnings devdocs diagnose-pip-errors disable-rename dnstypo doc-logo doc-package-names docker-tests dockerfile-test dockerfile-test2 docs documentation_cleanup domain-not-unique-in-manual dry_run_ratelimits dynamic-install-requires eicksl-verify-permissions enhance_deprecation enhance_verb erik_py3_comments export_le_python_bad farm-cleanup fhs finalize_shim fix-acmev2 fix-centos6-test fix-everything fix-issue-link fix-rebootstrap-test fix-rebootstrap-test2 fix-rebootstrap-tmp fix-section-test fix_deploy_multi fix_install fix_ipv6only_detection fix_nginx_warning fixed-0.1.1 flexible-challenge-uri freebsd fullchain googledns_acmev2 heavy-tests help-instances http-auth-alt http-auth http01-nginx-follow-up http01-nginx httpd_lens idisplay-logging ignore-menu ignore-unknown-challenges insecureplatformwarning insert_rewrite_at_top install_in_deploy ipv6-standalone ipv6onlydup issue4331 issue_4519 issue_4520 issue_4792 issue_4866 issue_4885 issue_4953 issue_5030 issue_5066 issue_5449 jsha-patch-1 jsha/nginx-poll-reload key-path killpy26 le-dev leave-sys-out-of-this2 legacy_protocol less-verbose let-pip-peep letsencrypt-auto-release-testing-0.1.21 letsencrypt-auto-release-testing-v0.1.22 letsencrypt-auto-release-testing letsencrypt-travis letstest2 lineage-option lint_shhhh log-before-log mac-install make_ssl_makes_new_block manual-cloudflare manual-hooks master min-integration-coverage moar-parallelism mock-110 mockatexit mod-check-test modify_all more-manual-pip-dep-resolution more-testfarm move-main mypy-clean mypy-in-travis mypy-setup namespace-setattr naming-fix new-test-auto-path new_enhancements new_server_block_not_found_for_redirect nginx-acmev2 nginx-compat nginx-compatibility-test nginx-in-install.rst nginx-ipv6 nginx-redirect nginx-reversion-reversion nginx-safeint nginx-space-preservation2 nginx_restructure nginx_selection nginxparser no-1234 no-boulder-logs no-cover-apache no-domains-in-cli-ini no-festivals-required no-more-tls-sni-01 no-phone no-sites-available no-spdy no-wheezing no_duplicate_include no_new_server_blocks none_string notes_revision obj_full_writeout ocsp_apache old-mod-check oom order-matters osiris-ecdsa package-guide pconrad-docs pip-versions pip8-test playing-with-travis plugin-docs plugin_storage portalocker postfix pref-chall2 printf proof-of-possession py3-everything py3_metaclass pydev-paranoia pyopenssl++ pypy python37-tests q quietude-integration quinot/topic/dns-follow-cnames randomsleep recognize-dns reconstitutesque recovery_contact refactor-exception-handler regression_tests relax-setuptools-dep release-test remove-some-travis-cruft remove_location renew_updates return_actual_page revert-3268-dialog-autosize revert-3828-gh-2716 revert-6522 rhel_options route53_acmev2 route53 sendmail separate-repinned-integration server_alias server_block_selection signop-plumb_source_address_setting span-plan specify-min-six-version sphinx-rename subsequent-manual-challenge tell_pkg_mgrs_about_nginx_include test-0.1.22 test-0.21.1 test-37 test-acmev2 test-allow-py37-testing test-are-builds-working test-auto-path test-bmw-nginx-compatibility-test test-break-lockstep test-breakage test-bytes-fullchain-bites test-certbot-upgrade-acme-dep test-domain-not-unique-in-manual test-edge test-everything-0.22.x-2 test-everything-0.22.x test-everything-0.25.1 test-everything-0.29.1 test-everything-4 test-everything-37-quiktest test-everything-again test-everything-again2 test-everything-before-install test-everything-fast-n-quiet test-everything-fast-n-quiet2 test-everything-fix-oldest-tests test-everything-now test-everything-prerelease test-everything-prerelease2 test-everything-separate-integration-coverage test-everything-test test-everything-types test-everything-w-integration test-everything-warnings-2 test-everything-warnings-3 test-everything-warnings test-everything test-exit test-fasteners test-fasteners2 test-fasteners3 test-faster-2 test-fix-hooks-test test-fix-osx-tests test-full-py37-test-everything test-hook-dirs test-http01-nginx test-http01-nginx2 test-letsencrypt-travis test-loud-oldest-tests test-macos-failure test-macos-failurse test-macos test-mypy-certbot-loudly test-mypy-certbot test-no-cover-apache test-no-nose test-nohosts test-oldest test-osx test-osx2 test-pin-back-pkging-tools test-pin-more test-py37-test-everything test-pytest-cover test-python37-test-everything test-python37-test test-python37-tests test-quick-acmev2 test-receive-revert test-remove-cruft test-revert-fix-macos-pytest test-revert-pipstrap-changes test-rm-eol-2.6 test-rollback test-separate-everything test-separate-install test-separate-integration test-separate-integration2 test-separate-integration3 test-separate-repinned-integration test-something test-tests test-update-oldest-tests test-use-real-oldest-certbot-version-with-nginx test-v2-integration-v2 test-v2-integration test-v2-quick test-with-boulder-ip testfail_fix tls-sni-warning-example tos-privacy unbreak-travis unsquashed-postfix update-eold-tests update-server-docs update_error_link upgrade-c-stuff url-checker use-cn-from-csr use-namespace use_key_dir_in_pop v2-orders validator-redirects var-preservation-for-1123 venvdoc with-boulder-ip2 zimbra-installer zjs-digitalocean-packaging zjs-google-cloud-dns-packaging zjs-route53-packaging
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
32 lines (26 sloc) 1.68 KB

What is a Certificate?

A public key or digital certificate (formerly called an SSL certificate) uses a public key and a private key to enable secure communication between a client program (web browser, email client, etc.) and a server over an encrypted SSL (secure socket layer) or TLS (transport layer security) connection. The certificate is used both to encrypt the initial stage of communication (secure key exchange) and to identify the server. The certificate includes information about the key, information about the server identity, and the digital signature of the certificate issuer. If the issuer is trusted by the software that initiates the communication, and the signature is valid, then the key can be used to communicate securely with the server identified by the certificate. Using a certificate is a good way to prevent "man-in-the-middle" attacks, in which someone in between you and the server you think you are talking to is able to insert their own (harmful) content.

You can use Certbot to easily obtain and configure a free certificate from Let's Encrypt, a joint project of EFF, Mozilla, and many other sponsors.

Certificates and Lineages

Certbot introduces the concept of a lineage, which is a collection of all the versions of a certificate plus Certbot configuration information maintained for that certificate from renewal to renewal. Whenever you renew a certificate, Certbot keeps the same configuration unless you explicitly change it, for example by adding or removing domains. If you add domains, you can either add them to an existing lineage or create a new one.

See also: :ref:`updating_certs`