802 bytes added, 11:49, 15 May 2023
Fixed certbot
Certbot is a tool for managing the Transport Layer Security ([[TLS]]) certificates of your web server.
 
{{ambox|
|type = content
|text = Auto-renewal stripped some important params from the configuration in <tt>/etc/letsencrypt/renewal/wiki.freephile.org</tt>, so I had to add them back:
<syntaxhighlight lang=diff>
[renewalparams]
-authenticator = webroot
+authenticator = standalone
account = 3b0dcc96ceabfb4cf56597fe14ddee7a
server = https://acme-v02.api.letsencrypt.org/directory
manual_public_ip_logging_ok = None
+http01_port = 54321
+installer = None
+pref_challs = http-01
</syntaxhighlight>
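Review bot: the <tt>authenticator = standalone</tt> / <tt>http01_port = 54321</tt> pair depends on something outside this file, and the change does not record it. <tt>http01_port</tt> only changes the port Certbot itself listens on; the ACME server still connects to port 80 for an http-01 challenge, so renewal succeeds only if the web server or firewall on this host forwards port 80 (at least <tt>/.well-known/acme-challenge/</tt>) to 54321. Please note on this page which proxy or forwarding rule does that, and confirm the hand-edited file with <tt>certbot renew --dry-run</tt>, since these parameters have already been dropped by a renewal once.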
 
The '''real''' solution is to upgrade Certbot, which will happen anyway when we upgrade the host, which will happen anyway when we move to [[Canasta]], so '''get 'er done!'''
 
Then, update this page content to reflect current usage.
 
[[User:Admin|freephile]] ([[User talk:Admin|talk]]) 11:49, 15 May 2023 (EDT)
<br />
}}
== Let's Encrypt ==
We used to run certificates from StartSSL because they offer free one-year certificates. However, today we upgraded to Let's Encrypt, and our certificates are both more secure and easier to manage. Instead of a "B" grade, we now have an "A" grade for security. <ref>https://www.ssllabs.com/ssltest/analyze.html</ref>
[[File:AGradeCertificate grade.png|left|500px]] [[File:BGrade.png|right|500px]]
'''Certbot''' ([https://github.com/certbot/certbot code]) is a fully-featured, extensible client for the Let's Encrypt CA (or any other CA that speaks the ACME protocol) that can automate the tasks of obtaining certificates and configuring web servers to use them. This client runs on Unix-based operating systems. It '''requires''' root access and is '''beta''' software.