Here is the command to obtain a Let’s Encrypt SSL certificate with certbot using the DNS challenge, a.k.a. acme-challenge.
sudo certbot certonly --manual --preferred-challenges dns -d example.com
You’ll be prompted to add a TXT record for the desired domain.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please deploy a DNS TXT record under the name
_acme-challenge.example.com with the following value:
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Before continuing, verify the record is deployed.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Press Enter to Continue
After that, point the web server configuration for the domain at the certificate files. For nginx on Debian/Ubuntu:
server {
    listen 443 ssl http2;
    ...
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ...
}
Or Apache:
<VirtualHost *:443>
    ...
    SSLEngine on
    SSLCertificateFile "/etc/letsencrypt/live/example.com/fullchain.pem"
    SSLCertificateKeyFile "/etc/letsencrypt/live/example.com/privkey.pem"
    ...
</VirtualHost>
Important: Certificates that are created using --manual (and without an authentication hook) cannot be automatically renewed.
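
One way to supply the authentication hook mentioned above, so the TXT record is deployed and verified without the manual prompt. This is an added example, not code from the original page or from the certbot project; it assumes the zone accepts TSIG-signed RFC 2136 dynamic updates, and the server name ns1.example.com and key path /etc/letsencrypt/tsig.key are hypothetical.

```shell
#!/bin/sh
# Added example: certbot --manual-auth-hook publishing the DNS-01 TXT record
# through an RFC 2136 dynamic update (nsupdate), then waiting until it resolves.
# Assumptions, not from the page: the server name and TSIG key path below.
DNS_SERVER="${DNS_SERVER:-ns1.example.com}"        # hypothetical authoritative server
TSIG_KEY="${TSIG_KEY:-/etc/letsencrypt/tsig.key}"  # hypothetical key file, keep it mode 0600

# TXT record name for a domain; a leading "*." label is dropped defensively.
challenge_name() {
    d=${1#\*.}
    printf '_acme-challenge.%s.\n' "$d"
}

# Print the nsupdate commands. Anything outside the hostname / base64url
# alphabets is rejected so a hostile value cannot smuggle in extra commands.
build_update() {
    domain=${1#\*.}
    value=$2
    case $domain in ''|*[!A-Za-z0-9.-]*) echo "bad domain" >&2; return 1 ;; esac
    case $value in ''|*[!A-Za-z0-9_-]*) echo "bad validation value" >&2; return 1 ;; esac
    printf 'server %s\n' "$DNS_SERVER"
    printf 'update add %s 60 IN TXT "%s"\n' "$(challenge_name "$domain")" "$value"
    printf 'send\n'
}

# Succeeds if the expected value is among the TXT answers on stdin
# (the quoted, one-per-line format printed by `dig +short TXT`).
txt_deployed() {
    grep -Fqx "\"$1\""
}

# certbot sets CERTBOT_DOMAIN and CERTBOT_VALIDATION when it runs the hook.
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    update=$(build_update "$CERTBOT_DOMAIN" "$CERTBOT_VALIDATION") || exit 1
    printf '%s\n' "$update" | nsupdate -k "$TSIG_KEY" || exit 1
    name=$(challenge_name "$CERTBOT_DOMAIN")
    tries=0
    until dig +short TXT "$name" "@$DNS_SERVER" | txt_deployed "$CERTBOT_VALIDATION"; do
        tries=$((tries + 1))
        [ "$tries" -lt 12 ] || { echo "TXT record not visible" >&2; exit 1; }
        sleep 5
    done
fi
```

Pass the script to certbot with --manual-auth-hook alongside the --manual and --preferred-challenges dns options shown earlier. Restrict the TSIG key to updating the _acme-challenge name only, since anyone who can write that record can obtain certificates for the domain.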