# Cheatsheet & Examples: certbot

certbot is a command-line tool for obtaining and renewing SSL/TLS certificates from Let's Encrypt, automatically configuring web servers, and managing certificate lifecycles.  

## Obtain a certificate for a single domain  
Example Usage:  
`certbot certonly --standalone -d example.com --email admin@example.com --agree-tos`  
What it does:  
Requests a certificate for a single domain using the standalone plugin (for self-hosted testing), with an email and acceptance of terms.  
Command-line Arguments Explained:  
- `certonly`: Obtains a certificate without automatically configuring a web server.  
- `--standalone`: Uses a standalone web server for validation (no existing server required).  
- `-d example.com`: Specifies the domain name for which to obtain the certificate.  
- `--email admin@example.com`: Provides the email for account registration and notifications.  
- `--agree-tos`: Automatically agrees to Let's Encrypt's terms of service.  

## Renew all certificates  
Example Usage:  
`certbot renew --dry-run`  
What it does:  
Tests certificate renewal without making changes, useful for verifying renewal processes.  
Command-line Arguments Explained:  
- `renew`: Renew certificates that are nearing expiration.  
- `--dry-run`: Simulates renewal without actual certificate changes.  

## Register an account with Let's Encrypt  
Example Usage:  
`certbot register --email admin@example.com --agree-tos`  
What it does:  
Registers a new Let's Encrypt account using the provided email and terms of service.  
Command-line Arguments Explained:  
- `register`: Creates a new account.  
- `--email`: Email for account contact.  
- `--agree-tos`: Accepts the Let's Encrypt terms of service.  

## Revoke a certificate  
Example Usage:  
`certbot revoke --certificate /etc/letsencrypt/live/example.com/fullchain.pem --email admin@example.com`  
What it does:  
Revokes an existing certificate, requiring the certificate path and account email.  
Command-line Arguments Explained:  
- `revoke`: Deletes a certificate from Let's Encrypt.  
- `--certificate`: Path to the certificate file (e.g., `fullchain.pem`).  
- `--email`: Email associated with the account to authenticate the revocation.  

## Run interactive setup with Nginx plugin  
Example Usage:  
`certbot --nginx -d example.com -d www.example.com --agree-tos`  
What it does:  
Automatically configures Nginx to use a certificate for specified domains.  
Command-line Arguments Explained:  
- `--nginx`: Uses the Nginx plugin to modify server configurations.  
- `-d example.com -d www.example.com`: Lists domains to be protected.  
- `--agree-tos`: Accepts the Let's Encrypt terms of service.  

## Use DNS challenge for manual domain validation  
Example Usage:  
`certbot certonly --manual --preferred-challenges dns -d example.com`  
What it does:  
Requests a certificate using the DNS validation method, requiring manual DNS record setup.  
Command-line Arguments Explained:  
- `--manual`: Manual interaction for domain validation.  
- `--preferred-challenges dns`: Chooses DNS-based validation over HTTP.  
- `-d example.com`: Specifies the domain to verify.  

## Test certificate issuance without saving it  
Example Usage:  
`certbot certonly --test-cert -d example.com --key-path /path/to/key.pem`  
What it does:  
Obtains a test certificate (not saved to disk) to validate configuration.  
Command-line Arguments Explained:  
- `--test-cert`: Uses a test certificate for validation.  
- `-d example.com`: Domain name for testing.  
- `--key-path`: Specifies where to save the private key (optional).  

## Renew a specific certificate  
Example Usage:  
`certbot renew --cert-name example.com --force-renewal`  
What it does:  
Forces renewal of a specific certificate (e.g., if it's expiring soon).  
Command-line Arguments Explained:  
- `renew`: Renew certificates scheduled for expiration.  
- `--cert-name`: Identifies the certificate to renew.  
- `--force-renewal`: Overrides automatic checks and renews regardless of time.  

## Auto-configure Apache server  
Example Usage:  
`certbot --apache -d example.com --non-interactive`  
What it does:  
Automatically requests a certificate and updates Apache configurations.  
Command-line Arguments Explained:  
- `--apache`: Uses the Apache plugin to modify server settings.  
- `-d example.com`: Domain to secure.  
- `--non-interactive`: Runs without prompts, assuming defaults.  

## Use standalone mode with custom port  
Example Usage:  
`certbot certonly --standalone --port 8080 -d example.com`  
What it does:  
Uses the standalone plugin and specifies a custom port for validation.  
Command-line Arguments Explained:  
- `--standalone`: Runs a temporary web server for validation.  
- `--port 8080`: Overrides the default port (80/443) for the standalone server.  
- `-d example.com`: Domain to validate.  

## Request a certificate with a custom config  
Example Usage:  
`certbot certonly --config /etc/letsencrypt/custom.conf -d example.com`  
What it does:  
Uses a custom configuration file to request a certificate.  
Command-line Arguments Explained:  
- `--config`: Path to a custom configuration file.  
- `-d example.com`: Domain name.  

## Display help summary  
Example Usage:  
`certbot --help`  
What it does:  
Shows the main help menu with available commands and options.  
Command-line Arguments Explained:  
- `--help`: Displays usage instructions and command descriptions.  

## Check certificate status  
Example Usage:  
`certbot certificates`  
What it does:  
Lists all certificates installed on the system and their details.  
Command-line Arguments Explained:  
- `certificates`: Displays installed certificates and their expiration dates.  

## Run in verbose mode  
Example Usage:  
`certbot --verbose renew`  
What it does:  
Provides detailed logs during certificate renewal for troubleshooting.  
Command-line Arguments Explained:  
- `--verbose`: Increases output verbosity for debugging.  

## Configure multiple domains at once  
Example Usage:  
`certbot certonly --nginx -d example.com -d blog.example.com`  
What it does:  
Requests a certificate for multiple domains using the Nginx plugin.  
Command-line Arguments Explained:  
- `--nginx`: Applies to Nginx.  
- `-d example.com -d blog.example.com`: Comma-separated or multiple `-d` flags for domains.  

## Auto-configure a web server with a pre-restart hook  
Example Usage:  
`certbot --nginx --pre-hook "systemctl stop nginx" -d example.com`  
What it does:  
Runs a command before restarting the web server during certificate installation.  
Command-line Arguments Explained:  
- `--pre-hook`: Executes a command before the server restart (e.g., stopping services).  
- `--nginx`: Uses the Nginx plugin.  
- `-d example.com`: Domain to secure.
