{{tag>info-tech:software:command}}

====== certbot ======

[[https://certbot.eff.org|certbot]] is a command to manage SSL certificates.

===== Install =====

use docker-compose.yml

<code yaml>
...
  certbot:
    restart: "no"
    image: certbot/certbot:latest
    profiles: ["_"]
    volumes:
      - ./certbot/etc/:/etc/letsencrypt/
      - ./certbot/var/:/var/lib/letsencrypt/
      - ./certbot/public/:/public/  # dir for webroot (shared with nginx)
...
</code>

==== nginx setup ====

By the following [[study:info-tech:software:nginx]] config, retrieving new certificate becomes easy.

<code nginx>
server {
  listen 80;
  location /.well-known/ {
    root /srv/http/certbot/;  # dir for webroot (specified in docker-compose.yml)
  }
  location / {
    return 301 https://$host$request_uri;
  }
}
</code>

===== Usage =====

==== Retrieve new certificate ====

<code>
docker-compose run certbot certonly --webroot -w /public -d <DOMAIN> --agree-tos
</code>

==== Renew all known certificates ====

<code>
docker-compose run certbot renew
</code>