Certbot: Issue and install certificate for Apache

Before you begin

To install the certificate, ensure you have the following ACME details:

  • ACME directory URL:

    For CertCentral accounts, use the region-specific URL (see Inbound IP addresses and URLs by environment and region).

    Base URL: https://one.digicert.com/mpki/api/v1/acme/v2/directory

    Region-specific URLs:

    EU region: https://one.nl.digicert.com or https://one.ch.digicert.com
    Japan region: https://one.digicert.co.jp
    US region: https://one.us.digicert.com
  • The external account binding (EAB) credentials from DigiCert:

    • The EAB key identifier (KID). For CertCentral accounts, use ACME credentials.

      Sample KID: zcwmKf9sCnDUZsbCOgnv1ijy46l6UeEYCavSQQirl-g

    • The external account binding HMAC key from your ACME credentials.

      Sample HMAC: RHZraHBXQUxWTEFGdFhndjRVNmV3S3F6c2VNZDM1QzRURGhjdHF3S1NublJjN3dhVUFObzA0SXJwVHBnU2xnR

Issue and install the certificate for prevalidated domains

  1. At the command-line prompt, run the following command to issue and install OV/EV certificates with prevalidated domains in CertCentral.

    For DV certificates or domains that are not prevalidated, use additional commands to validate them dynamically through Certbot. For examples, see here (DNS-01 validation method) and here (HTTP-01 validation method).

    sudo certbot --apache --register-unsafely-without-email --eab-kid {MY-KEY-IDENTIFIER} --eab-hmac-key {MY-HMAC-KEY} --server {ACME-URL} --config-dir {MY-CONFIG-DIR} -d {FQDN}
    
  2. To complete the process, run the command.
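
The command in step 1 carries the EAB HMAC key as a command-line argument, where it is visible in the process list and in shell history. The following added example (not DigiCert's code) checks the ACME details and passes them to Certbot through an owner-only configuration file instead; the function names, the `CERTBOT` override, the environment variable names and the ini path are assumptions.

```shell
#!/bin/sh
# Added example, not DigiCert's code. Run as root. CERTBOT is a hypothetical
# override (for example CERTBOT=echo) used for dry runs.

# Check the ACME details before any request is made.
check_acme_inputs() {  # args: server_url eab_kid eab_hmac_key
    case "$1" in
        https://*) ;;
        *) echo "ACME directory URL must use https" >&2; return 1 ;;
    esac
    # Assumption: the KID is a single token with no spaces.
    case "$2" in
        ''|*' '*) echo "EAB KID is empty or contains a space" >&2; return 1 ;;
    esac
    # RFC 8555 EAB MAC keys are base64url: letters, digits, '-', '_' (padding tolerated).
    case "$3" in
        ''|*[!A-Za-z0-9_=-]*) echo "EAB HMAC key is not base64url" >&2; return 1 ;;
    esac
}

# Store the server URL and EAB credentials in an owner-only ini file.
write_certbot_ini() {  # args: ini_path server_url eab_kid eab_hmac_key
    ( umask 077
      printf 'server = %s\neab-kid = %s\neab-hmac-key = %s\n' "$2" "$3" "$4" > "$1" ) || return 1
    chmod 600 "$1"   # also tightens a file that already existed
}

# Validate, write the ini file, then run certbot with no secrets in its arguments.
issue_and_install() {  # args: ini_path config_dir fqdn server_url eab_kid eab_hmac_key
    check_acme_inputs "$4" "$5" "$6" || return 1
    write_certbot_ini "$1" "$4" "$5" "$6" || return 1
    "${CERTBOT:-certbot}" --apache --register-unsafely-without-email \
        --config "$1" --config-dir "$2" -d "$3"
}

# Usage, with the page's placeholders supplied through environment variables
# (variable names and the ini path are assumptions):
#   issue_and_install /root/digicert-acme.ini "$MY_CONFIG_DIR" "$FQDN" \
#       "$ACME_URL" "$EAB_KID" "$EAB_HMAC_KEY"
```

Certbot reads `server`, `eab-kid` and `eab-hmac-key` from the file given with `--config`, so the only values left on the command line are the file path, the configuration directory and the domain.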

What's next

The domains are validated, and the certificate is issued and installed successfully on your Apache web server.

To renew, reissue, or duplicate the certificate, see Certbot: Renew, reissue, or duplicate certificate using ACME URL query parameters