Certbot: Issue and install certificate for Apache
Command syntax
At the command-line prompt, run the following command to issue and install a certificate for the Apache web server.
sudo certbot --apache --register-unsafely-without-email --eab-kid {MY-KEY-IDENTIFIER} --eab-hmac-key {MY-HMAC-KEY} --server {ACME-URL} --config-dir {MY-CONFIG-DIR} -d {FQDN}Fill in values for the command arguments shown in curly braces, as described below:
Command argument | Description |
|---|---|
| The EAB key identifier (KID). For CertCentral. accounts, use ACME credentialsi. |
| Use the EAB HMAC key. |
| For CertCentral accounts, use https://one.digicert.com/mpki/api/v1/acme/v2/directory |
| Use the local path to Certbot configuration files for the current application. |
| Use the fully qualified domain name (FQDN) to secure the certificate. |
Example command:
sudo certbot --apache --register-unsafely-without-email --eab-kid zcwmKf9sCnDUZsbCOgnv1ijy46l6UeEYCavSQQirl-g --eab-hmac-key RHZraHBXQUxWTEFGdFhndjRVNmV3S3F6c2VNZDM1QzRURGhjdHF3S1NublJjN3dhVUFObzA0SXJwVHBnU2xnRA --server https://one.digicert.com/mpki/api/v1/acme/v2/directory --config-dir /usr/local/certbot/my_webserver_config/ -d my.host -d alias.my.host
Usage notes
Default order: If the requested certificate matches an existing order, CertCentral applies the default automation action. See ACME automation actions.
This command only works for OV/EV certificates for which the domain has been prevalidated in CertCentral. To issue DV certificates, or to issue OV/EV certificates when the domain is not prevalidated, you must use additional options to validate the domain dynamically through Certbot. For examples, see here (DNS-01 validation method) and here (HTTP-01 validation method).