The Sysadmin Wiki

TLS (formerly SSL) is a network protocol for serving web pages like HTTP is, but only encrypted.

Let's Encrypt[]

Debian 9 (Stretch / currently stable)[]

Installing the Let's Encrypt client:

sudo apt install certbot

Generate cert when you don't have a webserver running currently (don't forget to replace the e-mail address, domain and read the TOS and make sure you know what this command does before you execute it):

certbot certonly --standalone --agree-tos --no-eff-email -m "" -d

Generate CSR[]


openssl req -new -newkey rsa:4096 -nodes -keyout server.key -out server.csr

It will then ask you for the following information:

Country Name (2 letter code) [AU]:
State or Province Name (full name) [Some-State]:
Locality Name (eg, city) []:
Organization Name (eg, company) [Internet Widgits Pty Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (e.g. server FQDN or YOUR name) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Not all fields are required for CAs to sign your certificate.

See also[]