Certbot is packaged with Debian Jessie and can be obtained using the backport repositories. To install Certbot on Debian Jessie, we can use the command:
sudo apt-get install certbot -t jessie-backportsThis will install the Certbot client. To obtain a SSL certificate using Certbot, we need to enter the command:
sudo certbot certonlyThis will allow us to interactively select the plugin and specify options that will be used to download the HTTPS certificate files. The webroot plugin is a simple plugin that downloads certificate files to the /etc/letsencrypt folder.
The webroot plugin can be used to obtain several certificates at a time. The plugin downloads verification files to the user specified folder. These files should be accessible over the internet. The Certbot server checks the presence of the files and then issues the requested certificates files. The files are saved to the /etc/letsencrypt folder. This folder contains several sub folders. The renew sub folder contains information used for renewing the certificate files. The live sub folder contains the certificate files used by the web server. It contains one sub folder for each domain.
sudo certbot renewThis will renew all certificates that were issued to the Certbot. The command can be run daily from cron. The Lets Encrypt installation guide describes the process of installing HTTPS certificate files using Certbot. The user guide describes the Certbot command line options in detail.