Certbot: Issue and install private CA Manager certificate for Apache, values supplied as command options
Before you begin
To install the certificate, ensure you have the following ACME details:
ACME directory URL:
For hosted Trust Lifecycle Manager accounts, use the region-specific URL (See Inbound IP addresses and URLs by environment and region).
Base URL:https://one.digicert.com/mpki/api/v1/acme/v2/directory>.
Region-specific URLs:
EU region: https://one.nl.digicert.comorhttps://one.ch.digicert.comJapan region: https://one.digicert.co.jpUS region: https://one.us.digicert.comThe external account binding (EAB) credentials from DigiCert:
The EAB key identifier (KID). For DigiCert® Trust Lifecycle Manager. accounts, use certificate profile.
Sample KID:zcwmKf9sCnDUZsbCOgnv1ijy46l6UeEYCavSQQirl-g
The external account binding HMAC key of the certificate profile .
Sample HMAC: RHZraHBXQUxWTEFGdFhndjRVNmV3S3F6c2VNZDM1QzRURGhjdHF3S1NublJjN3dhVUFObzA0SXJwVHBnU2xnR
Issue and install the certificate
At the command-line prompt, run the following command to issue and install a private certificate from DigiCert® Private CA.
For public certificates, use additional command options to validate domains dynamically through Certbot. For examples, see here (DNS-01 validation method) and here (HTTP-01 validation method).
sudo certbot --apache --register-unsafely-without-email --eab-kid {MY-KEY-IDENTIFIER} --eab-hmac-key {MY-HMAC-KEY} --server {ACME-URL} --config-dir {MY-CONFIG-DIR} -d {FQDN}To complete the process, run the command.
What's next
The certificate is validated, issued, and installed successfully.
The domains are validated, and the certificate is issued and installed on your Apache web server.
To renew, reissue, or duplicate the certificate, see Certbot: Renew, reissue, or duplicate certificate using ACME URL query parameters