Basic commands for installing and using Let’s Encrypt on FreeBSD
Installing Certbot
Install certbot using packages for Python 2.7:
pkg install py27-certbot
Install certbot using packages for Python 3.7:
pkg install py37-certbot
Before Using Let’s Encrypt for the First Time
Create your /usr/local/etc/letsencrypt/letsencrypt.ini file
rsa-key-size = 4096 server = https://acme-v02.api.letsencrypt.org/directory email = email@domain.tld text = True agree-tos = True renew-by-default = True authenticator = standalone
Now, you must register your account
certbot register
Creating a Certificate
The standalone server is the easiest way to authenticate, but often requires you to stop your web server to do so. If this is an option for you, then I’d recommend doing this as it only takes a few seconds as long as you’re properly prepared. Otherwise, use the webroot method which is likely your only option in a production environment. I use webroot, as per the configuration file above.
Create your certificate as follows:
certbot certonly -c /usr/local/etc/letsencrypt/letsencrypt.ini -d domain.tld -d www.domain.tld
Time to Renew
certbot manages your domains and you are not required to renew each individually. Instead, you can simply issue the following command:
certbot renew
Deleting a Domain
In order to delete a certificate, you must know the certificate name, which is usually the domain name. But, to verify, run the following command:
certbot certificates
The results should resemble the following:
certbot certificates Saving debug log to /var/log/letsencrypt/letsencrypt.log - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Found the following certs: Certificate Name: domain.tld Domains: domain.tld www.domain.tld Expiry Date: 2019-06-16 18:12:08+00:00 (VALID: 89 days) Certificate Path: /usr/local/etc/letsencrypt/live/domain.tld/fullchain.pem Private Key Path: /usr/local/etc/letsencrypt/live/domain.tld/privkey.pem
To delete that certificate, you would type the following:
certbot delete --cert-name domain.tld