Is certbot the best way to handle Let's Encrypt certs?
-
Is installing certbot the best way to handle setting up and renewing Let's Encrypt certs?
PS. Assuming the server is not under the control of Ansible or other automation tool.
-
@Pete-S said in Is certbot the best way to handle Let's Encrypt certs?:
Is installing certbot the best way to handle setting up and renewing Let's Encrypt certs?
That depends. ACME is an open standard for requesting things. Certbot though is the most prolific solution.
-
@JaredBusch said in Is certbot the best way to handle Let's Encrypt certs?:
most prolific solution
Sounds as good as any other metric I guess.
-
Lego is another good one from what I've seen. It does all 3 challenge types.
-
@stacksofplates said in Is certbot the best way to handle Let's Encrypt certs?:
Lego is another good one from what I've seen. It does all 3 challenge types.
Thanks, might have a look at it next time.
I went with certbot this time because it was very clear what needed to be done. Debian has a package for it's all you need to do is have a http server up and running and then:
# apt-get install certbot python-certbot-apache # certbot --apacheIt will do everything for you - create & install the certificate, set up redirection from http to https, set up a job that updates the cert etc.
The site has instructions for every common OS (redhat, ubuntu etc) and http daemon (apache, nginx etc) combination.
https://certbot.eff.org/lets-encrypt/debianbuster-apache -
@Pete-S said in Is certbot the best way to handle Let's Encrypt certs?:
@stacksofplates said in Is certbot the best way to handle Let's Encrypt certs?:
Lego is another good one from what I've seen. It does all 3 challenge types.
Thanks, might have a look at it next time.
I went with certbot this time because it was very clear what needed to be done. Debian has a package for it's all you need to do is have a http server up and running and then:
# apt-get install certbot python-certbot-apache # certbot --apacheIt will do everything for you - create & install the certificate, set up redirection from http to https, set up a job that updates the cert etc.
The site has instructions for every common OS (redhat, ubuntu etc) and http daemon (apache, nginx etc) combination.
https://certbot.eff.org/lets-encrypt/debianbuster-apacheYeah certbot is the easiest. Lego is just more flexible and you only need the binary. Def start with the easiest for now.
