Issue Certificate in Let's Encrypt

Hi Team,

Steps to issue and renew the certificate in Let's Encrypt.
Installation of Certbot.
How will Certbot work with Let's Encrypt? Do we need to make any integrations from Certbot to Let's Encrypt?

If possible, please share documents for the same.

List of commands that have been used

Could you perhaps try asking again, using complete sentences? In particular, explain your environment--it's entirely possible (I'd say even probable) that certbot isn't the best tool for you to use. The template you were given when you started this topic (and then deleted) may not directly apply to your question, but it would have given us more information than you did. Some questions to address:

  • Do you host your own web server, or is it hosted by someone else?
    • And if the latter, by whom, and what kind of hosting plan?
  • What operating system does that server run?
  • What web server software are you using (common answers are Apache, Nginx, and Caddy)?
  • Do you have any control panel/web management interface for that server?
    • And if so, which one?
5 Likes

Hello Team,

We have a requirement to issue external SSL/TLS certificates to users based on the CSR (Certificate Signing Request) provided by them, using DigiCert.

As part of our evaluation, we are exploring whether Let’s Encrypt could be used as an alternative for issuing these external certificates. To assess this, we are currently working on a proof of concept (PoC) to understand how Let’s Encrypt can be leveraged for certificate issuance.

During the PoC, we observed that Certbot needs to be installed and typically integrates with specific web server software such as Apache, Nginx, or Caddy.

We referred to the following documentation for installing Certbot on Windows: Certbot Instructions | Certbot

However, we are still not fully clear on:

  • How Let’s Encrypt works internally
  • How external certificates can be issued using Certbot
  • Whether it supports issuing certificates using a user-provided CSR, similar to DigiCert

To gain a better understanding, we would like to clarify a few details.

Separately, we are checking with the relevant teams regarding the server setup. For the questions below, we do not yet have confirmed answers:

  • Do you host your own web server, or is it hosted by a third party?
    • If hosted externally, who is the hosting provider and what type of hosting plan is used?
  • What operating system is the server running?
  • Which web server software is being used (e.g., Apache, Nginx, Caddy)?
  • Is there a control panel or web management interface available?
    • If yes, which one?

Any guidance or clarification on the above—especially around Let’s Encrypt, Certbot, and CSR-based certificate issuance—would be greatly appreciated.

Thank you.

You have observed incorrectly.

Certbot is just one of many ACME clients in existence and Certbot does not integrate with Caddy, as Caddy has its own built-in ACME client.

Let's Encrypt is a CA and uses the ACME protocol.

I don't understand why you aren't clear about this. Certbot is an ACME client and uses the ACME client to issue certificates from an ACME server enabled CA.

Certbot does support issuing using CSRs, but it is very, very limited in this regard and I cannot recommend it.

May I recommend you read and learn more about the ACME protocol before continuing?

2 Likes

...is completely unsupported.

That's an extraordinarily broad question. What in particular do you want to know? In terms of cert issuance, it provides an API to request certificates using client software. It validates control over the domain names you request via either DNS records or a HTTP token.

If you're using Windows, you shouldn't be using Certbot at all. Beyond that, you'll need to clarify what you mean by "external certificate."

That's up to the client, but most clients do support this, even if it's generally considered a suboptimal workflow. How to do this, once again, is up to the client.

4 Likes

The ACME Client (Certbot or other) requests the cert from the ACME Server (Let's Encrypt here). The domain names for the cert are validated by Let's Encrypt using an HTTP or DNS Challenge as described here: Challenge Types - Let's Encrypt

There is a new challenge type called DNS-PERSIST that Let's Encrypt is rolling out soon. That will also need support from the ACME Client you choose. This challenge is easier to set up, especially for cases where you don't directly control the HTTP webservers or DNS systems for the domains named in the cert. See: https://letsencrypt.org/2026/02/18/dns-persist-01

3 Likes