index.html

<!--

 ██████╗███████╗██████╗ ████████╗██████╗  ██████╗ ████████╗
██╔════╝██╔════╝██╔══██╗╚══██╔══╝██╔══██╗██╔═══██╗╚══██╔══╝
██║     █████╗  ██████╔╝   ██║   ██████╔╝██║   ██║   ██║
██║     ██╔══╝  ██╔══██╗   ██║   ██╔══██╗██║   ██║   ██║
╚██████╗███████╗██║  ██║   ██║   ██████╔╝╚██████╔╝   ██║
 ╚═════╝╚══════╝╚═╝  ╚═╝   ╚═╝   ╚═════╝  ╚═════╝    ╚═╝

Like looking at code? Help us! https://github.com/certbot/certbot
                               https://github.com/certbot/website

-->
<!DOCTYPE html>
<html lang="en">

  <head>
    <meta charset="utf-8">
    <meta name="viewport" content="width=device-width initial-scale=1" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">

    <title>Certbot</title>
    <meta name="description" content="Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.
">
    <link rel="stylesheet" href="/css/main.css">
    <link ref="shortcut icon" href="/favicon.ico" />
    <meta property="og:image" content="https://certbot.eff.org/images/certbot-OG.png">
    <meta name="twitter:card" content="summary_large_image">
    <meta name="twitter:site" content="@EFF">
    <meta name="twitter:title" content="Certbot">
    <meta name="twitter:description" content="Automatically enable HTTPS on your website with EFF's Certbot, deploying Let's Encrypt certificates.
">
    <meta name="twitter:image" content="https://certbot.eff.org/images/certbot-OG.png">
    <meta name="twitter:image:alt" content="Certbot: An automatic client for enabling HTTPS on your website.">
    <script src='/js/main.js' type="text/javascript" defer="defer"></script>

    
      
        <script src='/js/instructions.js' type="text/javascript" defer="defer"></script>
      
    
</head>


  <body class="index">

    <div class="logo-banner">
  <div class="logo">
    <a href="https://eff.org"><img src="/images/EFF-logo-plain.svg" alt="EFF"></a>
  </div>
  <div class="eff-tagline">
    <span>a project of the Electronic Frontier Foundation</span>
  </div>
</div>

    <nav class="main-nav">
  <div class="logo">
    <a href="/"><img src="/images/certbot-logo-1A.svg" alt="Certbot logo, a robot holding a key"/></a>
  </div>

  <ul>
    <li class="mobile-hidden"><a href="/instructions">certbot instructions</a></li>
    <li class="mobile-hidden"><a href="/about/">about certbot</a></li>
    <li class="mobile-hidden"><a href="/contribute/">contribute to certbot</a></li>
    <li class="mobile-hidden"><a href="/hosting_providers/">hosting providers with HTTPS</a></li>
    <li class="mobile-hidden"><a href="/help/">get help</a></li>
    <li class="donate mobile-hidden"><a target="_blank" href="https://supporters.eff.org/donate/support-work-on-certbot">donate</a></li>
    <li class="donate mobile-only"><a target="_blank" href="https://supporters.eff.org/donate/support-work-on-certbot">donate to EFF</a></li>
    <li id="hamburger">&#x2261;</li>
  </ul>
</nav>

    <div id="shelf">
  <ul>
    <li><a href="/">home</a></li>
    <li><a href="/instructions">certbot instructions</a></li>
    <li><a href="/about/">about certbot</a></li>
    <li><a href="/contribute/">contribute to certbot</a></li>
    <li><a href="/hosting_providers/">hosting providers with HTTPS</a></li>
    <li><a href="/help/">get help</a></li>
    <li><a href="https://supporters.eff.org/donate/support-work-on-certbot">donate</a></li>
    <li id="close">&times;</li>
  </ul>
</div>


    <div class="home-https">
  <!-- get your site on https:// -->
  <div class="lightest-gray-bg">
    <h1>Get your site on <img alt="Lock" class="text-icon" src="/images/Lock.svg"> https://</h1>
  </div>
  <div class="med-gray-bg col-50">
    <div class="gif centered"><img alt="Animation showing a slider moving from a lock with an X to a lock with a checkmark" src="/images/Lock-Slider.gif"></div>
    <div class="col">
      <img alt="Lock with a checkmark" class="icon mobile-hidden" src="/images/FullHTTPSSupport.svg">
      <div class="circle mobile-only">
        <a href="/hosting_providers"><img alt="Lock with a checkmark" class="icon" src="/images/FullHTTPSSupport.svg"></a>
      </div>
      <div class="content-wrapper mobile-hidden">
        <h2>Find out if your hosting provider has HTTPS built in &mdash; no Certbot needed.</h2>
        <a href="/hosting_providers" class="link-button">See the list of providers</a>
      </div>
      <div class="mobile-only centered">
        <h2>
          See if your hosting provider
          <a href="/hosting_providers">offers HTTPS.<img alt="Red arrow pointing right" src="images/chevron-right.png" class="link-arrow"/></a></h2>
      </div>
    </div>
  </div>
  <div class="light-gray-bg col-50">
    <div class="gif"><img alt="Animation showing 'install certbot' typed at a commandline" src="/images/InstallCertbot.gif"></div>
    <div class="col">
      <img alt="Certbot robot logo" class="icon right mobile-hidden" src="/images/Certbot-solid.svg">
      <div class="circle mobile-only">
        <a href="/instructions"><img alt="Certbot robot logo" class="icon right" src="/images/Certbot-solid.svg"></a>
      </div>
      <div class="content-wrapper mobile-hidden">
        <h2>Or, run Certbot once to automatically get free HTTPS certificates forever.</h2>
        <a href="/instructions" class="link-button">Get Certbot instructions</a>
      </div>
      <div class="mobile-only centered">
        <h2>Or, get instructions for <a href="/instructions">Certbot.<img alt="Red arrow pointing right" src="images/chevron-right.png" class="link-arrow"/></a></h2>
      </div>
    </div>
  </div>
</div>



    <div class="hero">
  <div class="instruction-widget">
    <div class="js-only">
  <h1 class="mobile-only">What's your HTTP website running on?</h1>
  <span id="using">My HTTP website is running</span>
  <select id="server-select" name="server">
    <optgroup>
      <option value="" disabled selected>Software</option>
      
        <option value="apache">Apache</option>
      
        <option value="nginx">Nginx</option>
      
        <option value="haproxy">Haproxy</option>
      
        <option value="plesk">Plesk</option>
      
        <option value="webproduct">Web Hosting Product</option>
      
        <option value="other">None of the above</option>
      
    </optgroup>
  </select>

  <span id="on">on</span>
  <select id="os-select" name="os">
    <optgroup>
      <option value="" disabled selected>System</option>
      
        <option value="sharedhost" data-distro="sharedhost" data-version="0">Web Hosting Service</option>
      
        <option value="bitnami" data-distro="bitnami" data-version="0">Bitnami</option>
      
        <option value="snap" data-distro="snap" data-version="0">snapd</option>
      
        <option value="pip" data-distro="pip" data-version="0">pip</option>
      
        <option value="debianstretch" data-distro="debian" data-version="9">Debian 9 (stretch)</option>
      
        <option value="debianbuster" data-distro="debian" data-version="10">Debian 10 (buster)</option>
      
        <option value="debiantesting" data-distro="debian" data-version="11">Debian testing/unstable</option>
      
        <option value="ubuntufocal" data-distro="ubuntu" data-version="20.04">Ubuntu 20.04</option>
      
        <option value="ubuntuother" data-distro="ubuntu" data-version="19.10">Ubuntu 19.10</option>
      
        <option value="ubuntubionic" data-distro="ubuntu" data-version="18.04">Ubuntu 18.04 LTS (bionic)</option>
      
        <option value="ubuntuxenial" data-distro="ubuntu" data-version="16.04">Ubuntu 16.04 (xenial)</option>
      
        <option value="gentoo" data-distro="gentoo" data-version="0">Gentoo</option>
      
        <option value="arch" data-distro="arch" data-version="0">Arch Linux</option>
      
        <option value="fedora" data-distro="fedora" data-version="0">Fedora</option>
      
        <option value="centosrhel7" data-distro="centos" data-version="7">CentOS/RHEL 7</option>
      
        <option value="centosrhel8" data-distro="centos" data-version="8">CentOS/RHEL 8</option>
      
        <option value="freebsd" data-distro="freebsd" data-version="0">FreeBSD</option>
      
        <option value="opbsd6" data-distro="opbsd" data-version="6">OpenBSD 6.0+</option>
      
        <option value="osx" data-distro="macos" data-version="10">macOS</option>
      
        <option value="devuanascii" data-distro="devuan" data-version="2">Devuan ASCII 2.0</option>
      
        <option value="devuanbeowulf" data-distro="devuan" data-version="3">Devuan Beowulf 3.0</option>
      
        <option value="devuanother" data-distro="devuan" data-version="4">Devuan testing/unstable</option>
      
        <option value="tumbleweed" data-distro="opensuse" data-version="0">openSUSE Tumbleweed</option>
      
        <option value="leap" data-distro="opensuse" data-version="15">openSUSE Leap 15.x</option>
      
        <option value="othersnap" data-distro="snap" data-version="0">Other Linux (snapd)</option>
      
        <option value="otherpip" data-distro="pip" data-version="0">Other Linux (pip)</option>
      
        <option value="windows" data-distro="windows" data-version="0">Windows</option>
      
    </optgroup>
  </select>
  <div class="not-sure">
    <a href="/help">Help, I'm not sure!</a>
  </div>
</div>

<div class="no-js-only">
  No javascript? See all setup instructions <a href="/all-instructions">here</a>. Read the full documentation <a href="/docs/">here</a>.
</div>

  </div>

  <p>Use our instruction generator to find custom commands to get Certbot on
  your server's environment. Pick your server's software and system above.</p>
</div>


    <div class="use-certbot">
  <h1>To use Certbot, you'll need...</h1>
  <div class="three-col reqs">
    <div class="col">
      <img alt="A laptop" src="/images/Computer.svg">
      <div class="text-wrapper hanging-indent">
        <span>comfort with the 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">command line</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#command-line">Command Line</a>
    </div>
    <div class="mobile-hidden">
    <p>A command line is a way of interacting with a computer by typing text-based commands to it and receiving text-based replies. 
Certbot is run from a command-line interface, usually on a Unix-like server. In order to use Certbot for most purposes, you’ll need to be able to install and run it on the command line of your web server, which is usually accessed over SSH.</p>

    </div>
    <div class="mobile-only">
      <p>
      A command line is a way of interacting with a computer by typing text-based commands to it and receiving text-based replies. 
Certbot is run from a command-line interface, usually on a Unix-like server. In order to use Certbot for most purposes, you’ll need to be able to install and run it on the command line of your web server, which is usually accessed over SSH.

      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">command line</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#command-line">Command Line</a>
    <p>A command line is a way of interacting with a computer by typing text-based commands to it and receiving text-based replies. 
Certbot is run from a command-line interface, usually on a Unix-like server. In order to use Certbot for most purposes, you’ll need to be able to install and run it on the command line of your web server, which is usually accessed over SSH.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>

</span>
      </div>
    </div>
    <div class="col">
      <img alt="Web browser showing an HTTP site" src="/images/HTTPsite.svg">
      <div class="text-wrapper hanging-indent">
        <span>
          ...and an
          

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">HTTP website</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#http">HTTP</a>
    </div>
    <div class="mobile-hidden">
    <p>HTTP (Hypertext Transfer Protocol) is the traditional, but insecure, method for web browsers to request the content of web pages and other online resources from web servers. It is an Internet standard and normally used with TCP port 80. 
Almost all websites in the world support HTTP, but websites that have been configured with Certbot or some other method of setting up HTTPS may automatically redirect users from the HTTP version of the site to the HTTPS version.</p>

    </div>
    <div class="mobile-only">
      <p>
      HTTP (Hypertext Transfer Protocol) is the traditional, but insecure, method for web browsers to request the content of web pages and other online resources from web servers. It is an Internet standard and normally used with TCP port 80. 
Almost all websites in the world support HTTP, but websites that have been configured with Certbot or some other method of setting up HTTPS may automatically redirect users from the HTTP version of the site to the HTTPS version.

      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">HTTP website</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#http">HTTP</a>
    <p>HTTP (Hypertext Transfer Protocol) is the traditional, but insecure, method for web browsers to request the content of web pages and other online resources from web servers. It is an Internet standard and normally used with TCP port 80. 
Almost all websites in the world support HTTP, but websites that have been configured with Certbot or some other method of setting up HTTPS may automatically redirect users from the HTTP version of the site to the HTTPS version.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


          <br/>
          that is 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">already online</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#website-thats-already-online">Website That’s Already Online</a>
    </div>
    <div class="mobile-hidden">
    <p>Certbot is usually meant to be used to switch an existing HTTP site to work in HTTPS (and, afterward, to continue renewing the site’s HTTPS certificates whenever necessary). Some Certbot documentation assumes or recommends that you have a working web site that can already be accessed using HTTP on port 80. That means, for example, that if you use a web browser to go to your domain using http://, your web server answers and some kind of content comes up (even if it’s just a default welcome page rather than the final version of your site). Some methods of using Certbot have this as a prerequisite, so you’ll have a smoother experience if you already have a site set up with HTTP. (If your site can’t be accessed this way as a matter of policy, you’ll probably need to use DNS validation in order to get a certificate with Certbot.)</p>

    </div>
    <div class="mobile-only">
      <p>
      Certbot is usually meant to be used to switch an existing HTTP site to work in HTTPS (and, afterward, to continue renewing the site’s HTTPS certificates whenever necessary). Some Certbot documentation assumes or recommends that you have a working web site that can already be accessed using HTTP on port 80. That means, for example, that if you use a web browser to go to your domain using http://, your web server answers and some kind of content comes up (even if it’s just a default welcome page rather than the final version of your site). Some methods of using...
      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">already online</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#website-thats-already-online">Website That’s Already Online</a>
    <p>Certbot is usually meant to be used to switch an existing HTTP site to work in HTTPS (and, afterward, to continue renewing the site’s HTTPS certificates whenever necessary). Some Certbot documentation assumes or recommends that you have a working web site that can already be accessed using HTTP on port 80. That means, for example, that if you use a web browser to go to your domain using http://, your web server answers and some kind of content comes up (even if it’s just a default welcome page rather than the final version of your site). Some methods of using Certbot have this as a prerequisite, so you’ll have a smoother experience if you already have a site set up with HTTP. (If your site can’t be accessed this way as a matter of policy, you’ll probably need to use DNS validation in order to get a certificate with Certbot.)</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


          <br/>
          with an open 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">port 80</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#port-80">Port 80</a>
    </div>
    <div class="mobile-hidden">
    <p>Different Internet services are distinguished by using different TCP port numbers. Unencrypted HTTP normally uses TCP port 80, while encrypted HTTPS normally uses TCP port 443. 
To use certbot –webroot, certbot –apache, or certbot –nginx, you should have an existing HTTP website that’s already online hosted on the server where you’re going to use Certbot. This site should be available to the rest of the Internet on port 80. To use certbot –standalone, you don’t need an existing site, but you have to make sure connections to port 80 on your server are not blocked by a firewall, including a firewall that may be run by your Internet service provider or web hosting provider. Please check with your ISP or hosting provider if you’re not sure. (Using DNS validation does not require Let’s Encrypt to make any inbound connection to your server, so with this method in particular it’s not necessary to have an existing HTTP website or the ability to receive connections on port 80.)</p>

    </div>
    <div class="mobile-only">
      <p>
      Different Internet services are distinguished by using different TCP port numbers. Unencrypted HTTP normally uses TCP port 80, while encrypted HTTPS normally uses TCP port 443. To use certbot –webroot, certbot –apache, or certbot –nginx, you should have an existing HTTP website that’s already online hosted on the server where you’re going to use Certbot. This site should be available to the rest of the Internet on port 80. To use certbot –standalone, you don’t need an existing site, but you have to make sure connections to port 80 on your server are not blocked by a firewall, including a...
      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">port 80</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#port-80">Port 80</a>
    <p>Different Internet services are distinguished by using different TCP port numbers. Unencrypted HTTP normally uses TCP port 80, while encrypted HTTPS normally uses TCP port 443. 
To use certbot –webroot, certbot –apache, or certbot –nginx, you should have an existing HTTP website that’s already online hosted on the server where you’re going to use Certbot. This site should be available to the rest of the Internet on port 80. To use certbot –standalone, you don’t need an existing site, but you have to make sure connections to port 80 on your server are not blocked by a firewall, including a firewall that may be run by your Internet service provider or web hosting provider. Please check with your ISP or hosting provider if you’re not sure. (Using DNS validation does not require Let’s Encrypt to make any inbound connection to your server, so with this method in particular it’s not necessary to have an existing HTTP website or the ability to receive connections on port 80.)</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


        </span>
      </div>
    </div>
    <div class="col">
      <img alt="A sever" src="/images/Server.svg">
      <div class="text-wrapper hanging-indent">
        <span>
          ...which is hosted on a 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">server</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#server">Server</a>
    </div>
    <div class="mobile-hidden">
    <p>A server is a computer on the Internet that provides a service, like a web site or an email service. Most web site owners pay a hosting provider for the use of a server located in a data center and administered over the Internet. This might be a physical dedicated server, a virtual private server (VPS), or a shared server. Other servers provide other parts of the Internet infrastructure, such as DNS servers.</p>

    </div>
    <div class="mobile-only">
      <p>
      A server is a computer on the Internet that provides a service, like a web site or an email service. Most web site owners pay a hosting provider for the use of a server located in a data center and administered over the Internet. This might be a physical dedicated server, a virtual private server (VPS), or a shared server. Other servers provide other parts of the Internet infrastructure, such as DNS servers.

      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">server</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#server">Server</a>
    <p>A server is a computer on the Internet that provides a service, like a web site or an email service. Most web site owners pay a hosting provider for the use of a server located in a data center and administered over the Internet. This might be a physical dedicated server, a virtual private server (VPS), or a shared server. Other servers provide other parts of the Internet infrastructure, such as DNS servers.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


          <br/>
          which you can access via 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">SSH</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#ssh">SSH</a>
    </div>
    <div class="mobile-hidden">
    <p>SSH (which stands for “secure shell”) is a technology for connecting to a remote server and accessing a command line on that server, often in order to administer it. The administrator of a server can grant SSH access to others, and can also use SSH access directly in order to administer the server remotely. SSH is usually used to access servers running Unix-like operating systems, but your own computer doesn’t have to be running Unix in order to use SSH. You normally use SSH from your computer’s command line in a terminal by typing a command such as ssh username@example.com, especially if your own computer runs Linux or macOS. After logging in, you’ll have access to the server’s command line. If you use Windows on your computer, you might also use a dedicated SSH application such as PuTTY. 
Most Certbot users run Certbot from a command prompt on a remote server over SSH.</p>

    </div>
    <div class="mobile-only">
      <p>
      SSH (which stands for “secure shell”) is a technology for connecting to a remote server and accessing a command line on that server, often in order to administer it. The administrator of a server can grant SSH access to others, and can also use SSH access directly in order to administer the server remotely. SSH is usually used to access servers running Unix-like operating systems, but your own computer doesn’t have to be running Unix in order to use SSH. You normally use SSH from your computer’s command line in a terminal by typing a command such as ssh username@example.com,...
      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">SSH</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#ssh">SSH</a>
    <p>SSH (which stands for “secure shell”) is a technology for connecting to a remote server and accessing a command line on that server, often in order to administer it. The administrator of a server can grant SSH access to others, and can also use SSH access directly in order to administer the server remotely. SSH is usually used to access servers running Unix-like operating systems, but your own computer doesn’t have to be running Unix in order to use SSH. You normally use SSH from your computer’s command line in a terminal by typing a command such as ssh username@example.com, especially if your own computer runs Linux or macOS. After logging in, you’ll have access to the server’s command line. If you use Windows on your computer, you might also use a dedicated SSH application such as PuTTY. 
Most Certbot users run Certbot from a command prompt on a remote server over SSH.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


          <br/>
          with the ability to 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">sudo</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#sudo">sudo</a>
    </div>
    <div class="mobile-hidden">
    <p>Sudo is the most common command on Unix-like operating systems to run a specific command as root (the system administrator). 
If you’re logged in to your server as a user other than root, you’ll likely need to put sudo before your Certbot commands so that they run as root (for example, sudo certbot instead of just certbot), especially if you’re using Certbot’s integration with a web server like Apache or Nginx. (The certbot-auto script automatically runs sudo if it’s necessary and you didn’t specify it.)</p>

    </div>
    <div class="mobile-only">
      <p>
      Sudo is the most common command on Unix-like operating systems to run a specific command as root (the system administrator). 
If you’re logged in to your server as a user other than root, you’ll likely need to put sudo before your Certbot commands so that they run as root (for example, sudo certbot instead of just certbot), especially if you’re using Certbot’s integration with a web server like Apache or Nginx. (The certbot-auto script automatically runs sudo if it’s necessary and you didn’t specify it.)

      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">sudo</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#sudo">sudo</a>
    <p>Sudo is the most common command on Unix-like operating systems to run a specific command as root (the system administrator). 
If you’re logged in to your server as a user other than root, you’ll likely need to put sudo before your Certbot commands so that they run as root (for example, sudo certbot instead of just certbot), especially if you’re using Certbot’s integration with a web server like Apache or Nginx. (The certbot-auto script automatically runs sudo if it’s necessary and you didn’t specify it.)</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


          <br/>
        </span>
        <span class="italic">
          optional if you want a 

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">wildcard cert</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#wildcard-certificate">Wildcard Certificate</a>
    </div>
    <div class="mobile-hidden">
    <p>A wildcard certificate is a certificate that includes one or more names starting with <code class="language-plaintext highlighter-rouge">*.</code>. Browsers will accept any label in place of the asterisk (<code class="language-plaintext highlighter-rouge">*</code>). For example, a certificate for <code class="language-plaintext highlighter-rouge">*.example.com</code> will be valid for <code class="language-plaintext highlighter-rouge">www.example.com</code>, <code class="language-plaintext highlighter-rouge">mail.example.com</code>, <code class="language-plaintext highlighter-rouge">hello.example.com</code>, and <code class="language-plaintext highlighter-rouge">goodbye.example.com</code>.</p>

<p>However, a wildcard certificate including <em>only</em> the name <code class="language-plaintext highlighter-rouge">*.example.com</code> will <strong>not</strong> be valid for <code class="language-plaintext highlighter-rouge">example.com</code>: the substituted label can not be empty. If you want the certificate to be valid for <code class="language-plaintext highlighter-rouge">example.com</code>, you also need to include <code class="language-plaintext highlighter-rouge">example.com</code> (i.e. without the <code class="language-plaintext highlighter-rouge">*.</code> part) on the certificate.</p>

<p>Additionally, the asterisk can only be substituted by a <em>single</em> label and not by <em>multiple</em> labels. For example, the name <code class="language-plaintext highlighter-rouge">hello.goodbye.example.com</code> will not be covered by a certificate including only the name <code class="language-plaintext highlighter-rouge">*.example.com</code>. It <em>will</em> be covered however, by <code class="language-plaintext highlighter-rouge">*.goodbye.example.com</code>. Note that a wildcard name can not contain multiple asterisks. For example, <code class="language-plaintext highlighter-rouge">*.*.example.com</code> is not valid.</p>

    </div>
    <div class="mobile-only">
      <p>
      A wildcard certificate is a certificate that includes one or more names starting with *.. Browsers will accept any label in place of the asterisk (*). For example, a certificate for *.example.com will be valid for www.example.com, mail.example.com, hello.example.com, and goodbye.example.com. However, a wildcard certificate including only the name *.example.com will not be valid for example.com: the substituted label can not be empty. If you want the certificate to be valid for example.com, you also need to include example.com (i.e. without the *. part) on the certificate. Additionally, the asterisk can only be substituted by a single label and not...
      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">wildcard cert</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#wildcard-certificate">Wildcard Certificate</a>
    <p>A wildcard certificate is a certificate that includes one or more names starting with <code class="language-plaintext highlighter-rouge">*.</code>. Browsers will accept any label in place of the asterisk (<code class="language-plaintext highlighter-rouge">*</code>). For example, a certificate for <code class="language-plaintext highlighter-rouge">*.example.com</code> will be valid for <code class="language-plaintext highlighter-rouge">www.example.com</code>, <code class="language-plaintext highlighter-rouge">mail.example.com</code>, <code class="language-plaintext highlighter-rouge">hello.example.com</code>, and <code class="language-plaintext highlighter-rouge">goodbye.example.com</code>.</p>

<p>However, a wildcard certificate including <em>only</em> the name <code class="language-plaintext highlighter-rouge">*.example.com</code> will <strong>not</strong> be valid for <code class="language-plaintext highlighter-rouge">example.com</code>: the substituted label can not be empty. If you want the certificate to be valid for <code class="language-plaintext highlighter-rouge">example.com</code>, you also need to include <code class="language-plaintext highlighter-rouge">example.com</code> (i.e. without the <code class="language-plaintext highlighter-rouge">*.</code> part) on the certificate.</p>

<p>Additionally, the asterisk can only be substituted by a <em>single</em> label and not by <em>multiple</em> labels. For example, the name <code class="language-plaintext highlighter-rouge">hello.goodbye.example.com</code> will not be covered by a certificate including only the name <code class="language-plaintext highlighter-rouge">*.example.com</code>. It <em>will</em> be covered however, by <code class="language-plaintext highlighter-rouge">*.goodbye.example.com</code>. Note that a wildcard name can not contain multiple asterisks. For example, <code class="language-plaintext highlighter-rouge">*.*.example.com</code> is not valid.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>

:
          

<div class="glossary-term js-only disabled">
  <a class="glossary-link js">DNS credentials</a>
  <div class="tooltip js">
    <div class="close-button"><img alt="Close button" class="close-tooltip" src="/images/close.svg"></div>
    <div class="tooltip-title">
      <a href="/glossary#dns-credentials">DNS Credentials</a>
    </div>
    <div class="mobile-hidden">
    <p>DNS credentials are a password or other kind of secret (such as an API key) that your DNS provider lets you use to change the contents of your DNS records. They are usually issued by your domain registrar (or by another DNS provider, if your DNS provider isn’t the same as your registrar). DNS credentials are a sensitive kind of secret because they can be used to take over your site completely.
You should never share these credentials publicly or with an unauthorized person. It can be OK to provide a copy of them to Certbot to let it perform DNS validation automatically, since it runs locally on your machine.</p>

    </div>
    <div class="mobile-only">
      <p>
      DNS credentials are a password or other kind of secret (such as an API key) that your DNS provider lets you use to change the contents of your DNS records. They are usually issued by your domain registrar (or by another DNS provider, if your DNS provider isn’t the same as your registrar). DNS credentials are a sensitive kind of secret because they can be used to take over your site completely. You should never share these credentials publicly or with an unauthorized person. It can be OK to provide a copy of them to Certbot to let it perform...
      </p>
    </div>
    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div><div class="glossary-term no-js">
  <a class="glossary-link no-js">DNS credentials</a>
  <div class="tooltip no-js">
    <a class="tooltip-title" href="/glossary#dns-credentials">DNS Credentials</a>
    <p>DNS credentials are a password or other kind of secret (such as an API key) that your DNS provider lets you use to change the contents of your DNS records. They are usually issued by your domain registrar (or by another DNS provider, if your DNS provider isn’t the same as your registrar). DNS credentials are a sensitive kind of secret because they can be used to take over your site completely.
You should never share these credentials publicly or with an unauthorized person. It can be OK to provide a copy of them to Certbot to let it perform DNS validation automatically, since it runs locally on your machine.</p>

    <div class="bottom-text">
      From our <a href="/glossary">Certbot Glossary</a>
    </div>
  </div>
</div>


        </span>
      </div>
    </div>
  </div>

  <div class="mobile-hidden">
    <h1>Don't have these requirements?</h1>
    <p>
    Not to worry! Some hosting providers automate the HTTPS process.
    <a href="/hosting_providers">See the full list of hosting providers</a>, or <a href="/help#webserver">find out more about how to set up your system</a>.
    </p>
  </div>
</div>



    <div class="home-further-links">
      <div class="col">
        <img alt="Lightbulb" src="/images/Lightbulb.svg">
        <span class="label">Want to learn more?</span>
        <a class="link-button" href="/help">See our explainers<img alt="Red arrow pointing right" src="images/chevron-right.png" class="mobile-only link-arrow"/></a>
      </div>
      <div class="col">
        <img alt="Key" class="wide" src="/images/Key.svg">
        <span class="label">Want to contribute to Certbot?</span>
        <a class="link-button" href="/contribute">See opportunites to help<img alt="Red arrow pointing right" src="images/chevron-right.png" class="mobile-only link-arrow"/></a>
      </div>
    </div>

    <footer class="social">
  <ul>
    <li>
      <a href="https://www.facebook.com/share.php?u=https%3A%2F%2Fcertbot.eff.org&amp;title=Certbot" target="_blank" rel="noreferrer"><div class="social-icon facebook"></div></a>
    </li>
    <li><a href="https://twitter.com/intent/tweet?text=Check%20out%20Certbot%2C%20an%20%40EFF%20tool%20that%20makes%20it%20easy%20to%20get%20and%20configure%20HTTPS%20with%20Let%27s%20Encrypt%20certificates&amp;url=https%3A%2F%2Fcertbot.eff.org&amp;related=eff" target="_blank" rel="noreferrer"><div class="social-icon twitter"></div></a></li>
    <li><a href="https://supporters.eff.org/donate/support-work-on-certbot" target="_blank" rel="noreferrer"><div class="social-icon donate"></div></a></li>
  </ul>
</footer>


    <footer class="footer">

  <div class="logos">
    <div class="certbot-logo">
      <img class="certbot-logo" src="/images/Certbot-solid.svg" alt="Certbot logo">
      <span>
        certbot
      </span>
    </div>
    <a target="_blank" href="https://www.eff.org"><img class="eff-logo" src="/images/EFF-bw-logo-white.svg" alt="Electronic Frontier Foundation"></a>
  </div>

  <div class="links">
    <ul>
      <li><a href="/">home</a></li>
      <li><a href="/about">about certbot</a></li>
      <li><a href="/instructions">certbot instructions</a></li>
      <li><a href="/hosting_providers">hosting providers with HTTPS</a></li>
    </ul>

    <ul>
      <li><a href="/help">get help</a></li>
      <li><a href="/faq">frequently asked questions</a></li>
      <li><a href="/glossary">certbot glossary</a></li>
      <li><a href="/docs">certbot documentation</a></li>
      <li><a href="https://community.letsencrypt.org/">community forum</a></li>
    </ul>

    <ul>
      <li><a href="/help#not-finding">contact us</a></li>
      <li><a href="/contribute">contribute to certbot</a></li>
    </ul>

    <ul>
      <li><a target="_blank" href="https://supporters.eff.org/donate/support-work-on-certbot">donate to EFF</a></li>
    </ul>

    <ul>
      <li><a href="/privacy">privacy</a></li>
      
      <li><a target="_blank" href="https://www.eff.org/copyright"><img src="/images/cc-by-logo.png" alt="Creative Commons Attribution License"></a></li>
      
    </ul>
  </div>

<noscript><img src="https://anon-stats.eff.org/js/?idsite=24&amp;rec=1&amp;action_name=" style="border:0" height="0" width="0" alt="" /></noscript>
<div style="height: 0; width: 0; position: absolute" id="anon-stats"></div>
<script type="text/javascript">
document.getElementById('anon-stats').innerHTML = '<img src="https://anon-stats.eff.org/js/?idsite=24&amp;rec=1&amp;urlref=' + encodeURIComponent(document.referrer) + '&amp;action_name=' + encodeURIComponent(document.title) + '" style="border:0" height="0" width="0" alt="" />';
</script>

</footer>



  </body>

</html>