There’s plenty of guides on this already, but I recently used Let’s Encrypt certbot client again manually (instead of through already automated systems) and figured I’d write up the commands for myself. Just in case.
$ git clone https://github.com/letsencrypt/letsencrypt.git /opt/letsencrypt $ cd /opt/letsencrypt
Now that the client is available on the system, you can request new certificates. If the DNS is already pointing to this server, it’s super easy with the webroot validation.
$ /opt/letsencrypt/letsencrypt-auto certonly --expand \ --email you@domain.tld --agree-tos \ --webroot -w /var/www/vhosts/yoursite.tld/htdocs/public/ \ -d yoursite.tld \ -d www.yoursite.tld
You can add multiple domains with the -d flag and point it to the right document root using the -w flag.
After that, you’ll find your certificates in
$ ls -alh /etc/letsencrypt/live/yoursite.tld/* /etc/letsencrypt/live/yoursite.tld/cert.pem -> ../../archive/yoursite.tld/cert1.pem /etc/letsencrypt/live/yoursite.tld/chain.pem -> ../../archive/yoursite.tld/chain1.pem /etc/letsencrypt/live/yoursite.tld/fullchain.pem -> ../../archive/yoursite.tld/fullchain1.pem /etc/letsencrypt/live/yoursite.tld/privkey.pem -> ../../archive/yoursite.tld/privkey1.pem
You can now use these certs in whichever webserver or application you like.