How to generate ssl ca using certbot and automate renewal

Help
1

Can someone share the command to generate SSL ca using certbot.

Hosting provider: namecheap

I have installed certbot using brew install certbot

I have found a command on youtube that generate the ca but I am assuming it does not automate the renewal.
" sudo certbot certonly --manual -d [domain.com] --agree-tos --manual-public-ip-logging-ok --preferred-challenges http-01 --server https://acme-v02.api.letsencrypt.org/directory --register-unsafely-without-email --rsa-key-size 4096"

If needed do share command for the cronjob

2

certbot can't generate a CA certificate.

Do you need a CA certificate or a valid certificate from a CA?
If the latter, you want to avoid using anything that can't be automated:

3 Likes
3

@rg305 Can you elaborate. Also what is the best way to get SSL certificate? Can you give commands?

I just want to get letsencrypt SSL certificate for my website.

4

There are many ways.
The best is any way that can be automated.
Using --manual defeats that goal.

Commands are unique to each circumstance.
Can the Internet reach your server via HTTP?
Do you require a regular cert or a wildcard cert?

3 Likes
5

@rg305 I am using namecheap web hosting for my server. and I need regular cert for static sites.

6

What is the FQDN?
I think you already maxed out the "project" name [for this week].

3 Likes
7

trushargavit.com

Yes, But I will be using letsencrypt now on other websites too

8

I recomend using the staging environment for all testing.

That said, I think you must of used a working command to get the certs for "project".
This would be a similar command - but with this name and webroot path [if that was used].

So...
What was the command used to get a cert for "project"?

3 Likes
9

@rg305 for that I used acme.sh command acme.sh --issue -d [project.trushargavit.com ](http://project.trushargavit.com/) -d [www.project.trushargavit.com](http://www.project.trushargavit.com/) -w /home/username/project.trushargavit.com

But the cert was not valid. I contact the customer support and their response was same for the cert.

then I tried the certbot to get cert and it worked on other subdomain but the command I used does not automate the renewal.

10

I think the certs were valid.
The problem was with cPanel not being able to serve your subdomain and cert correctly.

That is highly unlikely - acme.sh sets up a cron job to renew on install.

Please show:
acme.sh --list

3 Likes
11

I have removed the cert from cpanel

12

I asked nothing from cPanel.

3 Likes
13

also uninstalled the acme.sh

14

Then how are you going to get new certs?

3 Likes
15

Can you share the best way to get SSL cert with commands.

16

Step #1 [from where you are] is to get an ACME client
[ I don't see anything wrong with using acme.sh - it obviously was able to issue certs on that system ]

4 Likes
17

Did you remove the acme.sh directory?

3 Likes
18

Yes, I removed the directory

19
3 Likes
20

Okay let me try for another sub domain of mine and get back to you

1 Like