Certbot: Issue and install certificate for Apache using HTTP-01 domain validation
Command syntax
At the command-line prompt, use the command syntax below to issue and install a public DV, OV, or EV certificate for the Apache web server, using the HTTP-01 method for domain control validation:
sudo certbot --apache --register-unsafely-without-email --eab-kid {MY-KEY-IDENTIFIER} --eab-hmac-key {MY-HMAC-KEY} --server {ACME-URL} --config-dir {MY-CONFIG-DIR} -d {FQDN} --manual --preferred-challenges http
Fill in values for the command arguments shown in curly braces, as described below:
Command argument | Description |
---|---|
{MY-KEY-IDENTIFIER} | The EAB key identifier (KID). For CertCentral accounts, use ACME credentials. |
{MY-HMAC-KEY} | The EAB HMAC key. |
{ACME-URL} | For CertCentral accounts, use https://one.digicert.com/mpki/api/v1/acme/v2/directory |
{MY-CONFIG-DIR} | Local path to Certbot configuration files for the current application. These files control how and where Certbot installs certificates. If |
{FQDN} | The fully qualified domain name (FQDN) to secure with the certificate. Use -d for each domain; the first entry becomes the common name (CN). |
Example command:
sudo certbot --apache --register-unsafely-without-email --eab-kid abcdef8sCnHGBsbCOgnv1ijy00l6UeEYCavSSSirl-k --eab-hmac-key EEEraHBXQUxWTEFGdFhndjRVNmV4t4F6c2VNZDM1QzRURGhjdHF3S1NublJjN0dhVUFObzA0SXJwVHBnU2yyUH --server https://one.digicert.com/mpki/api/v1/acme/v2/directory --config-dir /usr/local/certbot/my_other_public_webserver_config/ -d test.com -d www.test.com --manual --preferred-challenges http
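The command above carries the EAB HMAC key in the process argument list and in shell history. As an added example (not from the original page or from DigiCert or Certbot), the script below stores the EAB values in an owner-only file that is passed with Certbot's `--config` option, using long option names without the leading dashes as keys. The helper names `write_eab_ini` and `certbot_cmd` and the base64url check on both EAB values are assumptions.

```shell
#!/bin/sh
# Added example; write_eab_ini and certbot_cmd are hypothetical helper names.

# write_eab_ini INI_PATH KID HMAC_KEY ACME_URL
# Validates the values, then stores them in a config file only the owner can read.
write_eab_ini() {
    ini=$1 kid=$2 hmac=$3 url=$4
    # The directory URL must be HTTPS so the account binding is sent over TLS.
    case $url in
        ''|*[[:space:]]*) echo "ACME URL is empty or contains whitespace" >&2; return 1 ;;
        https://*) ;;
        *) echo "ACME URL must start with https://" >&2; return 1 ;;
    esac
    # Assumption: KID and HMAC key use the base64url alphabet, optionally
    # '='-padded. This also rejects spaces and newlines that would corrupt the file.
    for v in "$kid" "$hmac"; do
        case $v in
            ''|*[!A-Za-z0-9_=-]*) echo "invalid EAB value" >&2; return 1 ;;
        esac
    done
    # Subshell keeps umask/noclobber local. The file is created 0600 from the
    # start, and noclobber makes the write fail if the path reappears after rm.
    ( umask 077
      set -C
      rm -f -- "$ini"
      printf 'server = %s\neab-kid = %s\neab-hmac-key = %s\n' \
          "$url" "$kid" "$hmac" > "$ini" )
}

# certbot_cmd INI_PATH CONFIG_DIR FQDN...
# Prints the page's command with --server and the EAB options replaced by
# --config, so no secret is typed on the command line.
certbot_cmd() {
    ini=$1 cfgdir=$2
    shift 2
    cmd="sudo certbot --apache --register-unsafely-without-email"
    cmd="$cmd --config $ini --config-dir $cfgdir"
    for d in "$@"; do cmd="$cmd -d $d"; done
    printf '%s --manual --preferred-challenges http\n' "$cmd"
}
```

Call `write_eab_ini` from a script that reads the key from a prompt or a secrets store; typing the key as an argument in an interactive shell would put it back into shell history.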
Usage notes
For OV/EV certificates, if the domain is prevalidated in CertCentral, then CertCentral validates the domain itself, out-of-band and independent of the ACME protocol.
For DV certificates, and for OV/EV certificates that are not prevalidated, the --preferred-challenges option specifies the preferred form of ACME-based domain validation. Enter http here to request HTTP-01 validation.
This command runs interactively. Certbot presents you with the below menu to decide how the HTTP validation gets carried out:
Select option 1 in the above menu to have Certbot automatically configure the Apache web server for HTTP validation. Your web server must have port 80 open. Certbot will add lines like the following to the virtual host configuration for port 80:
After validating, the command completes, and the certificate is issued and installed.
Default order: If the requested certificate matches an existing order, CertCentral applies the default automation action. See ACME automation actions.