First install certbot. This is basically the Python script that will read the web server configuration and make the request to the Let’s Encrypt API.
On Debian or Ubuntu:
sudo apt install certbot
sudo apt install python3-certbot-nginx
sudo apt install python3-certbot-apacheOn FreeBSD:
sudo pkg install py37-certbot
sudo pkg install py37-certbot-nginx
sudo pkg install py37-certbot-apache
sudo pkg install py37-acmeNote that certbot can only match virtual hosts that listen on port 80.
Run this command for Nginx:
sudo certbot certonly --nginxOr for Apache:
sudo certbot certonly --apacheCertificates will get saved in /etc/letsencrypt/live on Linux, or /usr/local/etc/letsencrypt/live on FreeBSD
In each sub-directory, there will be 4 files created:
- privkey.pem = The private key
- cert.pem = The SSL certificate
- fullchain.pem = SSL cert + Intermediate Cert chain. This format is required by NGINX and some other web servers
- chain.pem = Just the intermediate cert
Here’s a Python script that will create a list of all directories with Let’s Encrypt certs:
#!/usr/bin/env python3
import sys, os
if "linux" in sys.platform:
src_dir = "/etc/letsencrypt/live"
if "freebsd" in sys.platform:
src_dir = "/usr/local/etc/letsencrypt/live"
sites = [ f.name for f in os.scandir(src_dir) if f.is_dir() ]
for site in sites:
if os.path.exists(src_dir + "/" + site + "/cert.pem"):
print("Letsencrypt certificate exists for site:", site)
Layer 77 