Let's Encrypt Certificate Generator
Build a certbot command for HTTPS certificates
Let's Encrypt is a free certificate authority for HTTPS. Certbot is the official client that automates certificate requests and renewals. This generator helps you build a correct certbot command for your setup.
- Enter one or more domains and choose the validation method.
- Copy the generated command and run it on the server that hosts the domain.
- Complete any required validation (HTTP file or DNS TXT record).
Use the dry-run command first when you are testing. Install certbot from the official instructions for your OS or hosting provider.
- Single domain: example.com
- Multiple domains: example.com api.example.com
- Wildcard: example.com + wildcard (DNS-01)
HTTP-01 places a validation file on your web server. DNS-01 asks you to create a TXT record in DNS. Wildcard certificates always require DNS-01.
For DNS-01 validation, certbot will prompt you to add a TXT record like this:
_acme-challenge.example.com TXT "random-token-from-certbot"Add the record at your DNS provider, wait for it to propagate, then continue certbot.
Let's Encrypt certificates are short-lived. Most systems set up renewal via systemd timers or cron when certbot is installed. Use staging first if you are experimenting with commands.
What is Let's Encrypt?
Let's Encrypt is a free, automated certificate authority that provides SSL/TLS certificates.
What is Certbot?
Certbot is the official client that automates certificate requests and renewals.
What is a wildcard certificate?
A wildcard certificate secures all subdomains of a domain (for example, *.example.com).
What is standalone mode?
Standalone mode allows certbot to run its own temporary web server for HTTP-01 validation.
What is webroot mode?
Webroot mode uses an existing web server to serve validation files from a specified directory.