Certbot & Let's Encrypt

The following is what I use to manually issue or renew Let's Encrypt certificates for my home lab. I already have Certbot installed and use Cloudflare for DNS, so that part is set up. This single terminal command issues a certificate for the top-level domain (tldomain.net here) plus a wildcard covering all of its subdomains.

certbot certonly \
  --agree-tos \
  --email [email protected] \
  -d tldomain.net \
  -d "*.tldomain.net" \
  --dns-cloudflare \
  --dns-cloudflare-credentials /etc/letsencrypt/cloudflare.ini \
  --dns-cloudflare-propagation-seconds 120

Certbot stores certificates and private keys in a specific directory structure. By default, this is /etc/letsencrypt/live/your_domain_name.

Here's a breakdown:

  • Certificate: /etc/letsencrypt/live/your_domain_name/fullchain.pem
  • Private Key: /etc/letsencrypt/live/your_domain_name/privkey.pem
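
The command above leaves two secrets on disk: the Cloudflare credentials file and privkey.pem. The script below is an added example, not part of the original notes, that checks both are unreadable by group and others and that the credentials file uses a scoped API token rather than the account-wide Global API Key. The function names are made up for this example, and tldomain.net is the placeholder domain from the command above.

```bash
#!/usr/bin/env bash
# Added example: audit the secrets the certbot command above leaves on disk.

# Print the octal mode of a file, following symlinks, because the files in
# live/ are symlinks into /etc/letsencrypt/archive/ (GNU stat, then BSD stat).
file_mode() {
  stat -L -c '%a' "$1" 2>/dev/null || stat -L -f '%Lp' "$1" 2>/dev/null
}

# Succeed only if the file exists and group/others have no access at all.
is_private() {
  [ -f "$1" ] || return 2
  mode=$(file_mode "$1") || return 2
  case "$mode" in
    0|*00) return 0 ;;   # e.g. 600 or 400: owner-only
    *)     return 1 ;;   # e.g. 644 or 640: exposed to group/others
  esac
}

# Report which credential style the certbot-dns-cloudflare ini file uses.
cred_style() {
  if grep -Eq '^[[:space:]]*dns_cloudflare_api_token[[:space:]]*=' "$1"; then
    echo token        # scoped API token
  elif grep -Eq '^[[:space:]]*dns_cloudflare_api_key[[:space:]]*=' "$1"; then
    echo global-key   # Global API Key: full access to the account
  else
    echo unknown
  fi
}

# audit CREDS_INI PRIVKEY: print findings, return how many there were.
audit() {
  findings=0
  for f in "$1" "$2"; do
    if ! is_private "$f"; then
      echo "FINDING: $f is missing or accessible to group/others (chmod 600)"
      findings=$((findings + 1))
    fi
  done
  if [ -f "$1" ] && [ "$(cred_style "$1")" != token ]; then
    echo "FINDING: $1 does not use a scoped dns_cloudflare_api_token"
    findings=$((findings + 1))
  fi
  return "$findings"
}

# Run against the paths from this page when they exist (needs root).
if [ -e /etc/letsencrypt/cloudflare.ini ]; then
  audit /etc/letsencrypt/cloudflare.ini \
        /etc/letsencrypt/live/tldomain.net/privkey.pem || true
fi
```

A token limited to Zone / DNS / Edit on the one zone is enough for the DNS-01 challenge, so a leaked cloudflare.ini then exposes DNS records for that zone rather than the whole Cloudflare account.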