Renew certificates through API instead of command line interface


#1

Hi,

I have configured Let’s Encrypt on Linux and run the commands below as the root user whenever I need to renew the certs.

./certbot-auto renew --all OR ./certbot-auto renew --cert-name domain_name (--force-renewal)
It’s working fine and makes things simple.

Now I want to renew the certs through an API. Is there any API for Let’s Encrypt to renew the certs, instead of going through the command line interface as the root user?

Also, can we create/renew the certificates as a normal role account instead of the root user?

Thanks
Rajesh


#2

Hi,

When requesting the certificate, Certbot connects to the Let’s Encrypt API server to get all the challenges / information needed to renew / create a new certificate.

There are many client options (in different programming languages) you could use, but all of the clients use the Let’s Encrypt API.

However, I’m not sure if there’s any implementation that allows you to execute certbot renew commands via a server API (since private key generation happens locally and the account private key is saved locally and never sent to the API server).

It’s possible to create a certificate as a normal Linux user, but not in Certbot.

See client options

Thank you


#3

Hi @Rajesh

There are a lot of APIs you can use instead of Certbot.

But: the communication with Let’s Encrypt doesn’t require local root rights.

If you want to install the certificate locally, you must be able to manage your webserver (changing config files, stopping / starting the webserver). And the private keys should be saved securely, so only root can see these files.

So the root requirement is a “little bit complicated”.
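An added example, not part of the original thread: a small audit for the point made above that private keys should be readable only by their owner. It assumes Certbot's usual key file names (`privkey*.pem`, `private_key.json`); the function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

KEY_NAMES = ("privkey", "private_key.json")  # assumed Certbot key file names


def audit_key_files(root, owner_uid=0):
    """Return (path, problem) tuples for key files exposed beyond their owner."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.startswith(KEY_NAMES):
                continue
            path = os.path.join(dirpath, name)
            if os.path.islink(path):  # live/ entries are symlinks into archive/
                continue
            st = os.lstat(path)
            mode = stat.S_IMODE(st.st_mode)
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append((path, "mode %04o grants group/other access" % mode))
            if st.st_uid != owner_uid:
                findings.append((path, "owned by uid %d, expected %d" % (st.st_uid, owner_uid)))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample tree mimicking the /etc/letsencrypt layout."""
    root = tempfile.mkdtemp()
    arch = os.path.join(root, "archive", "example.com")
    os.makedirs(arch)
    samples = (("privkey1.pem", 0o600), ("privkey2.pem", 0o644), ("cert1.pem", 0o644))
    for name, mode in samples:
        path = os.path.join(arch, name)
        with open(path, "w") as fh:
            fh.write("constructed placeholder, not a real key\n")
        os.chmod(path, mode)
    return root


if __name__ == "__main__":
    # On a real host, pass /etc/letsencrypt and owner_uid=0 instead of the sample tree.
    for path, problem in audit_key_files(build_sample_tree(), owner_uid=os.getuid()):
        print(path, "-", problem)
```

Certificates (`cert*.pem`) are public and are skipped; only key files are flagged.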


#4

Thanks for the reply.

So I can’t create/renew the cert using certbot through API interface, can I?

And I owned all the web server files, private keys, and the entire /etc/letsencrypt dir and tried to renew the cert, but still, it’s asking me to run as the root user. :-(


#5

Certbot doesn’t support an API, it’s a command line tool. If you want to use an API, there are a lot of libraries.

If you use Certbot, then root rights are required.

