The first thing that we have to do is install certbot.
pip install certbot
Once you install the library, let's start...
sudo certbot certonly --manual -d example.com -d www.example.com --agree-tos --manual-public-ip-logging-ok --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --key-type ecdsa
- The
certbot
initialize the command
- The
certonly
subcommand tells Certbot to obtain a certificate but not to install it.
- The
-d
flag specifies one or more domain names for which you want to obtain a certificate. In this case, you are requesting a certificate forexample.com
andwww.example.com
.
Beware Here
if you add --manual-public-ip-logging-ok
to your code possible you can't
create more SSL certificates
- The
--agree-tos
flag indicates that you agree to the terms of service for Let's Encrypt. The--manual-public-ip-logging-ok
flag allows Let's Encrypt to log your public IP address for the purposes of detecting abuse.
- The
--preferred-challenges
flag specifies the challenge type that you prefer to use for domain validation. In this case, you are using the HTTP challenge, which requires you to create a specific file on your web server in order to prove that you control the domain.
- The
--server
flag specifies the ACME server to use for the certificate request. ACME (Automated Certificate Management Environment) is a protocol for automating the process of issuing and renewing SSL/TLS certificates.
- The
--register-unsafely-without-email
flag tells Certbot to register an account with Let's Encrypt without providing an email address. This is not recommended, as it may make it more difficult to recover your account in the event of a problem.
- The
--key-type
flag specifies the type of private key to use for the certificate. In this case, you are using an elliptic curve digital signature algorithm (ECDSA) key.
The easiest way to me is do it with acme-challenge.
Made with ❤️ to Everyone.