The first thing that we have to do is install certbot.
pip install certbot
Once you install the library, let's start...
sudo certbot certonly --manual -d example.com -d www.example.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --key-type ecdsa
- The
certbotinitialize the command
- The
certonlysubcommand tells Certbot to obtain a certificate but not to install it.
- The
-dflag specifies one or more domain names for which you want to obtain a certificate. In this case, you are requesting a certificate forexample.comandwww.example.com.
Beware Here
if you add --manual-public-ip-logging-ok to your code possible you can't create more SSL certificates
- The
--agree-tosflag indicates that you agree to the terms of service for Let's Encrypt. The--manual-public-ip-logging-okflag allows Let's Encrypt to log your public IP address for the purposes of detecting abuse.
- The
--preferred-challengesflag specifies the challenge type that you prefer to use for domain validation. In this case, you are using the HTTP challenge, which requires you to create a specific file on your web server in order to prove that you control the domain.
- The
--serverflag specifies the ACME server to use for the certificate request. ACME (Automated Certificate Management Environment) is a protocol for automating the process of issuing and renewing SSL/TLS certificates.
- The
--register-unsafely-without-emailflag tells Certbot to register an account with Let's Encrypt without providing an email address. This is not recommended, as it may make it more difficult to recover your account in the event of a problem.
- The
--key-typeflag specifies the type of private key to use for the certificate. In this case, you are using an elliptic curve digital signature algorithm (ECDSA) key.
The easiest way to me is do it with acme-challenge.
Made with ❤️ to Everyone.