
This assumes you have installed Certbot.
Let's say you have an HTTP server with DNS name example.com listening on port 80, and you want to create a public/private key pair that can be used for SSL/TLS encryption for the HTTP server. On the system where certbot is installed, use the netstat command to determine whether port 80 is being used by some other process, because when creating a standalone certificate, certbot starts a temporary process listening on port 80.
~]$ sudo netstat -anop | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 997/haproxy off (0.00/0/0)
In this example, HAProxy is using port 80. One option would be to stop HAProxy, which you would probably only do if this is a non-production development machine.
systemctl stop haproxy
Now let's use certbot to create a public/private key pair for the example.com HTTP server.
~]$ certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Please enter the domain name(s) you would like on your certificate (comma and/or
space separated) (Enter 'c' to cancel): example.com
Requesting a certificate for example.com
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/example.com/privkey.pem
This certificate expires on 2023-08-11.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
If you like Certbot, please consider supporting our work by:
* Donating to ISRG / Let's Encrypt: https://letsencrypt.org/donate
* Donating to EFF: https://eff.org/donate-le
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Now you can restart HAProxy.
systemctl start haproxy
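The stop, issue, restart sequence above can be wrapped so the service comes back even when certbot fails. The script below is an added example, not part of the original article: port80_listeners and issue_standalone are hypothetical names, the sample netstat lines are constructed, and the check matches only sockets listening on exactly port 80, whereas grep :80 also matches :8080 and outbound connections to a remote port 80.

```shell
#!/bin/sh
# Added example (not from the original article).

# Constructed sample of `netstat -anop` output; addresses and PIDs are made up.
SAMPLE_NETSTAT='tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 997/haproxy off (0.00/0/0)
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 1200/java off (0.00/0/0)
tcp 0 0 192.0.2.10:51514 198.51.100.7:80 ESTABLISHED 1300/curl off (0.00/0/0)
tcp6 0 0 :::443 :::* LISTEN 997/haproxy off (0.00/0/0)'

# Read netstat -anop lines on stdin and print the PID/program of every TCP
# socket in LISTEN state whose local port is exactly 80.
port80_listeners() {
  awk '$1 ~ /^tcp/ && $6 == "LISTEN" && $4 ~ /:80$/ { print $7 }' | sort -u
}

# Hypothetical wrapper: issue_standalone DOMAIN UNIT
# The body runs in a subshell so the EXIT trap restarts UNIT on every exit
# path, including a failed or cancelled certbot run.
issue_standalone() (
  domain=$1
  unit=$2
  trap 'systemctl start "$unit"' EXIT
  systemctl stop "$unit" || exit 1
  # Refuse to continue if something else is still listening on port 80.
  busy=$(netstat -anop 2>/dev/null | port80_listeners)
  if [ -n "$busy" ]; then
    echo "port 80 still held by: $busy" >&2
    exit 1
  fi
  certbot certonly --standalone -d "$domain"
)
```

Run as root, for example issue_standalone example.com haproxy. A later renewal of a standalone certificate needs port 80 free in the same way.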