Translation(s): English - Français - Русский


Let’s Encrypt

Let’s Encrypt is an automated certificate authority providing free of charge, domain-validated TLS certificates that are obtained using the ACME protocol.

Let’s Encrypt clients

Jessie Howto

Stretch Howto

You can install certbot from the main repository. You can also install some useful plugins to make the getting certificates for nginx or apache easier.

The default version of certbot that is available in the repository will result in the following error message if you try to run certbot --apache:

Client with the currently selected authenticator does not support any combination of challenges that will satisfy the CA.

As discussed in the LetsEncrypt Forums this is due to a security issue that existed in the old client.

In order to make a certificate for apache you can use the following command:

sudo certbot --authenticator standalone --installer apache \
  -d <domain> --pre-hook "service apache2 stop" --post-hook "service apache2 start"

In order to make a certificate for nginx you can use the following command:

sudo certbot --authenticator standalone --installer nginx \
  -d <domain> --pre-hook "service nginx stop" --post-hook "service nginx start"