Certbot
Certbot is an ACME client that obtains SSL/TLS certificates for a web server, so that a website can be served over HTTPS. By default, Certbot gets its certificates from Let's Encrypt, the most popular free CA.
Install Certbot
sudo zypper install python3-certbot
If you are using Apache web server, install this plugin:
sudo zypper install python3-certbot-apache
If you are using NGINX web server, install this plugin:
sudo zypper install python3-certbot-nginx
Certbot is a client of an online service, and the API might change at any time. We recommend using the latest openSUSE Leap release or Tumbleweed to get a newer Python and Certbot. The latest Leap usually ships a slightly older Certbot, which should work without problems. However, if you encounter issues, try the latest version from the openSUSE Build Service:
opi python3-certbot
Get certificates for Apache/NGINX
Let's say you have a website http://example.com/ powered by Apache/NGINX, and you want to enable HTTPS for it. Before running Certbot, make sure you have a valid Apache/NGINX virtual host config at /etc/apache2/vhosts.d/example.com.conf or /etc/nginx/vhosts.d/example.com.conf.
NGINX is not only used to serve static files and run CGI, but also as a reverse proxy that forwards requests to a Node.js or Go app. NGINX handles SSL and IPv4/IPv6 much better than Node.js or Go. It also lets you run multiple web apps sharing the same ports 80/443.
Run this command and follow the instructions; Certbot will install the certificates and update the Apache/NGINX config automatically:
sudo certbot run
You do NOT need to restart the Apache or NGINX server. Certbot does it for you!
If you are using another web server with no plugin support, generate the certificates only and configure your web server manually:
sudo certbot certonly
Setup auto-renew
Certificates issued by Let's Encrypt expire after 3 months. If you forget to renew them, your website will become inaccessible. If you don't want to waste time on this, you can set up a systemd timer or cron job to run the renew command automatically.
Systemd way:
sudo zypper install certbot-systemd-timer
sudo systemctl enable certbot-renew.timer
sudo systemctl start certbot-renew.timer
Cron way:
sudo crontab -e
07 22 * * * /usr/bin/certbot renew
This runs renew every day at 22:07. The five cron fields are minute, hour, day of month, month and day of week, and root's own crontab (edited with sudo crontab -e) has no user field before the command. Pick a different, random time so that not everyone renews at the same moment and overloads the Let's Encrypt servers.
Test in browser
Open your web browser, visit your website at an address starting with "https://", and check that it works.
You can also test your website on SSL Labs.
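As an added check for the auto-renew and testing steps above (example script written for this page, not code from the openSUSE wiki or from Certbot), the following POSIX shell script reads the expiry date of the certificate a host actually serves and classifies it the way Certbot's renewal logic would: Certbot renews once fewer than 30 days remain, so a live certificate at or below that mark means the timer or cron job has silently stopped working. It assumes GNU date (as on openSUSE) and the openssl command line tool; the host name, the check-cert.sh file name and the sample dates in the comments are the script's own assumptions.

```sh
#!/bin/sh
# Added example, not from the openSUSE wiki page: report how many days remain on
# the certificate a site really serves, so a broken auto-renew is noticed well
# before the 90-day Let's Encrypt certificate expires.
# Assumes GNU date and the openssl command line tool are installed.

# days_left NOTAFTER [NOW]
# Whole days between NOW (default: current time) and NOTAFTER, where NOTAFTER is
# the date text printed by `openssl x509 -noout -enddate`, e.g.
# "Jun 15 12:00:00 2025 GMT" (a constructed sample value).
days_left() {
  notafter_epoch=$(date -u -d "$1" +%s) || return 1
  now_epoch=$(date -u -d "${2:-now}" +%s) || return 1
  echo $(( (notafter_epoch - now_epoch) / 86400 ))
}

# cert_status DAYS
# Classify a day count against Certbot's default renewal window: Certbot renews
# when fewer than 30 days remain, so "renew-due" on a live certificate means the
# automatic renewal has not replaced it and needs attention.
cert_status() {
  if [ "$1" -le 0 ]; then
    echo expired
  elif [ "$1" -le 30 ]; then
    echo renew-due
  else
    echo ok
  fi
}

# check_site HOST [PORT]
# Fetch the certificate the server presents for HOST (with SNI, so name-based
# virtual hosts return the right one) and print its status. Exits non-zero unless
# the status is "ok", so the function can be called from a monitoring job.
check_site() {
  host=$1
  port=${2:-443}
  notafter=$(openssl s_client -servername "$host" -connect "$host:$port" </dev/null 2>/dev/null \
    | openssl x509 -noout -enddate 2>/dev/null | sed 's/^notAfter=//')
  if [ -z "$notafter" ]; then
    echo "$host: could not fetch certificate" >&2
    return 2
  fi
  days=$(days_left "$notafter")
  status=$(cert_status "$days")
  echo "$host: $days day(s) left, status: $status"
  [ "$status" = ok ]
}

# Usage: ./check-cert.sh example.com [port]
if [ -n "$1" ]; then
  check_site "$@"
fi
```

Run it against your own host name after Certbot has installed the certificate; a result of "ok" confirms the browser is seeing the new certificate rather than an old one. To exercise the renewal setup itself without waiting for the window to open, run sudo certbot renew --dry-run, which talks to the Let's Encrypt staging environment and reports whether a real renewal would succeed.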
Internal links
- uacme, another ACME client written in C
- Setup openSUSE VPS, other steps to set up a web server