Installing Certbot

Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates. For more information see https://letsencrypt.org/
Run these steps to install the Certbot client.


# cd /usr/ports/security/py-certbot
# make install clean

To request the certificate we need to run the certbot command using one domain as follows. We will be using the standard apache path located at /usr/local/www/apache24/data and then using domain.com as the example domain.


# certbot certonly --webroot -w /usr/local/www/apache24/data/ -d domain.com

This is an example output:


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Enter email address (used for urgent renewal and security notices) (Enter 'c' to cancel): user@domain.com

-------------------------------------------------------------------------------
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.1.1-August-1-2016.pdf. You must agree in order to register with the ACME server at
https://acme-v01.api.letsencrypt.org/directory

-------------------------------------------------------------------------------
(A)gree/(C)ancel: A

-------------------------------------------------------------------------------
Would you be willing to share your email address with the Electronic Frontier Foundation, a founding partner of the Let's Encrypt project and the non-profit organization that develops Certbot? We'd like to send you email about EFF and our work to encrypt the web, protect its users and defend digital rights.

-------------------------------------------------------------------------------
(Y)es/(N)o: N

Obtaining a new certificate
Performing the following challenges:
http-01 challenge for domain.com
Using the webroot path /usr/local/www/apache24/data for all unmatched domains.
Waiting for verification...
Cleaning up challenges

IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at /usr/local/etc/letsencrypt/live/domain.com/fullchain.pem.
Your cert will expire on 2017-10-11. To obtain a new or tweaked version of this certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run "certbot renew" - Your account credentials have been saved in your Certbot
configuration directory at /usr/local/etc/letsencrypt. You should
make a secure backup of this folder now. This configuration
directory will also contain certificates and private keys obtained
by Certbot so making regular backups of this folder is ideal.
- If you like Certbot, please consider supporting our work by:

Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
Donating to EFF: https://eff.org/donate-le

The apache and qmail guides have their own way of configuring ssl with certbot.