Get SSL Certificate Using Letsencrypt Certbot

Overview

Before Let's Encrypt will generate and deliver a certificate for you, it must test whether you actually control the DNS records for that domain. It does that by asking you to create a TXT record that it can check through the domain name system. You use certbot to request your certificate, and certbot tells you what it wants in the TXT record. You create the TXT record through the interface of the DNS service you are using, and once the new record has propagated you continue at the certbot prompt, allowing certbot to complete the task and save your certificate.

Install Certbot

sudo apt update
sudo apt install certbot

Request the certificate

sudo certbot certonly --manual --preferred-challenges dns -d safesite.bernatchez.net
# At this point you will be asked to create a TXT record similar to this:
# name:  _acme-challenge.safesite.bernatchez.net.
# value: Tv1E2PLJyIU1ePiLfW-bv8SdAq4wa3QDud76zfB7asU
# And prompted to press enter to continue.
# Wait until the steps below are done before continuing.

Add the TXT record

Using the web interface of your DNS service, add a TXT record like this:

_acme-challenge.safesite TXT Tv1E2PLJyIU1ePiLfW-bv8SdAq4wa3QDud76zfB7asU

DNS records take time to propagate, so you must first make sure that the record has propagated before you press continue on the certbot prompt.

Verify that it has propagated

In another terminal window, run the following command every so often until your TXT record appears in the answer section.

dig -t txt _acme-challenge.safesite.bernatchez.net
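
The manual check above can be scripted so that you only return to certbot once the exact value is being served. This is an added example, not part of the original page; the function names txt_has_token and wait_for_challenge and the DIG override variable are assumptions made for the illustration.

```bash
#!/bin/sh
# Added example: wait until the ACME challenge TXT record is visible in DNS.
# Usage (replace the second argument with the value certbot printed):
#   wait_for_challenge _acme-challenge.safesite.bernatchez.net "<value from certbot>"

# Read `dig +short -t txt NAME` output on stdin; succeed only if one answer
# is exactly the expected value (dig prints TXT data wrapped in double quotes).
# An exact match avoids accepting a stale record left from an earlier request.
txt_has_token() {
    expected=$1
    while IFS= read -r line; do
        value=${line#\"}
        value=${value%\"}
        [ "$value" = "$expected" ] && return 0
    done
    return 1
}

# Poll up to TRIES times, DELAY seconds apart. DIG may name a substitute
# command (an assumption of this example, used for offline testing);
# by default the real dig is called.
wait_for_challenge() {
    name=$1 expected=$2 tries=${3:-30} delay=${4:-20}
    attempt=0
    while [ "$attempt" -lt "$tries" ]; do
        if ${DIG:-dig} +short -t txt "$name" | txt_has_token "$expected"; then
            echo "TXT record for $name is visible; continue in certbot." >&2
            return 0
        fi
        attempt=$((attempt + 1))
        sleep "$delay"
    done
    echo "TXT record for $name not seen after $tries checks." >&2
    return 1
}
```

The check uses whatever resolver dig uses by default, so a cached answer can lag behind the authoritative servers.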

Continue certbot in the original terminal window

Press Enter. Your certificate files will be here: /etc/letsencrypt/live/safesite.bernatchez.net/

fullchain.pem:

Contains your domain's SSL certificate and the necessary intermediate certificates to form a valid chain of trust back to the Let's Encrypt root certificate.

privkey.pem:

Your private key, which must be kept secret to secure your website.

cert.pem:

Contains your domain's specific SSL certificate.

chain.pem:

Contains the intermediate certificate(s) that link your domain's certificate to the root CA.
Published by Pierre Bernatchez in «SSL». Keywords: certificate, security, authentication, how to