<\/p>\n\n\n\n
DigitalOcean Certbot Standalone mode<\/strong><\/p>\n\n\n\n Do you know that we can secure other kinds of services with Certbot’s standalone mode, such as a message broker, a mail server, and so on? Certbot provides a variety of options for validating the domain, configuring Apache and Nginx automatically, retrieving certificates, and so on.<\/p>\n\n\n\n Our Technical Experts will walk you through the following topics in this in-depth guide:<\/p>\n\n\n\n However, before we get started, let’s go over the prerequisites:<\/p>\n\n\n\n <\/p>\n\n\n\n According to our Technical Support Team, we can install Certbot using the snap package. However, before we can do that, we must first install snapd. Fortunately, snaps are supported by Ubuntu 20.4; all we have to do now is ensure the snapd core is up to date:<\/p>\n\n\n\n If the server has a previous version of certbot, we can remove it with the following command:<\/p>\n\n\n\n The certbot package must then be installed:<\/p>\n\n\n\n The certbot command from the installation directory must then be linked to our path:<\/p>\n\n\n\n <\/p>\n\n\n\n To demonstrate our control over the domain, we’ll use port 80 or 443 to respond to the Let’s Encrypt API’s cryptographic challenge.<\/p>\n\n\n\n We can then use Certbot to obtain the certificate. The \u2013standalone option can be used here so that the Certbot can manage the challenge using its built-in web server. We can also use the -d flag to specify the domain for which we want the certificate. We can also use multiple -d options to cover multiple domains with a single certificate.<\/p>\n\n\n\n After running the above command, we must enter an email address and accept the terms of service. This is followed by a message indicating that the process was completed successfully and the location of the certificates.<\/p>\n\n\n\n <\/p>\n\n\n\n We’re going to look at what Certbot downloaded in this step. To list the directory that contains the keys and certificates, we can use the ls command, as shown below:<\/p>\n\n\n\n Some software needs certificates in various formats, while others require certificates in their original format. In the latter case, we’ll need to write a script to move the fields around and change permissions as needed. In the latter case, we’ll need to write a script to move the fields around and change permissions as needed.<\/p>\n\n\n\n <\/p>\n\n\n\n Let’s Encrypt certificates have a 90-day expiration date. The process of renewing a certificate is easier to automate. This is handled by the certbot package, by adding a renew script to \/etc\/cron.d. The renew script runs two times a day, renewing certificates that are about to expire in 30 days.<\/p>\n\n\n\n We can use the renew hook option to run other tasks after renewal. We’ll need to update Certbot’s renewal configuration file to add the renew_hook option.<\/p>\n\n\n\nHow to install Certbot?<\/h2>\n\n\n\n
sudo snap install core; sudo snap refresh core<\/code><\/pre>\n\n\n\nsudo apt remove certbot<\/code><\/pre>\n\n\n\nsudo snap install --classic certbot<\/code><\/pre>\n\n\n\nsudo ln -s \/snap\/bin\/certbot \/usr\/bin\/certbot<\/code><\/pre>\n\n\n\nHow to run Certbot?<\/h2>\n\n\n\n
sudo ufw allow 443\nOutput\nRule added\nRule added (v6)<\/code><\/pre>\n\n\n\nsudo certbot certonly --standalone -d the_domain<\/code><\/pre>\n\n\n\nHow should the application be configured?<\/h3>\n\n\n\n
sudo ls \/etc\/letsencrypt\/live\/your_domain\nOutput:\ncert.pem chain.pem fullchain.pem privkey.pem README<\/code><\/pre>\n\n\n\nHow to manage Certbot automatic renewals?<\/h3>\n\n\n\n
sudo nano \/etc\/letsencrypt\/renewal\/the_domain.conf<\/code><\/pre>\n\n\n\n