Security

Certbot CLI

Certbot commands for Let's Encrypt SSL certificate management.

27 commands

Windows MacOS Linux

#ssl-certificates #letsencrypt

Download PDF

Certificate Issuance

certbot certonly --standalone -d example.com # Obtain cert using standalone server

certbot certonly --webroot -w /var/www/html -d example.com # Obtain cert using webroot

certbot certonly -d example.com -d www.example.com # Obtain cert for multiple domains

Obtain and install cert for Nginx

certbot --nginx -d example.com

Obtain and install cert for Apache

certbot --apache -d example.com

List all managed certificates

certbot certificates

Renewal

Renew all certificates due for renewal

certbot renew

Test renewal without making changes

certbot renew --dry-run

Force renewal of all certificates

certbot renew --force-renewal

certbot renew --deploy-hook "systemctl reload nginx" # Run command after renewal

certbot renew --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" # Hooks for standalone renewal

Revocation

certbot revoke --cert-path /etc/letsencrypt/live/example.com/cert.pem # Revoke certificate by path

Revoke certificate by name

certbot revoke --cert-name example.com

Delete certificate files

certbot delete --cert-name example.com

certbot revoke --reason keycompromise --cert-name example.com # Revoke with reason

Testing

certbot certonly --standalone -d example.com --staging # Use staging server for testing

certbot certonly --dry-run -d example.com # Simulate obtaining a certificate

Simulate certificate renewal

certbot renew --dry-run

certbot certonly --standalone -d example.com --test-cert # Obtain test certificate

Plugins

Use Nginx plugin for automation

certbot --nginx

Use Apache plugin for automation

certbot --apache

certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/cloudflare.ini -d example.com # DNS challenge with Cloudflare

certbot certonly --manual --preferred-challenges dns -d example.com # Manual DNS challenge

List installed plugins

certbot plugins

Quick Commands

Obtain SSL certificate using standalone server

certbot certonly --standalone -d example.com

Test certificate renewal without making changes

certbot renew --dry-run

Obtain certificate using Cloudflare DNS challenge

certbot certonly --dns-cloudflare --dns-cloudflare-credentials ~/.secrets/cloudflare.ini -d example.com

Back to Cheatsheets Download PDF

Certbot CLI

Certificate Issuance

Renewal

Revocation

Testing

Plugins

Quick Commands

Stay Updated!

Thank You!

Share Cheatsheet