Everything you need is done by the bot, so the first step is to install it:
yum install certbot
Now you can obtain the certificate. Assume your domain is samblog.com and your contact email is firstname.lastname@example.org. Obtain the SSL certificate with the following command:
certbot certonly \
  --manual \
  --preferred-challenges=dns \
  --email firstname.lastname@example.org \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  -d samblog.com
If you need a wildcard SSL certificate, add -d '*.samblog.com' as an additional parameter (quoted so the shell does not expand the asterisk):
certbot certonly \
  --manual \
  --preferred-challenges=dns \
  --email firstname.lastname@example.org \
  --server https://acme-v02.api.letsencrypt.org/directory \
  --agree-tos \
  -d samblog.com \
  -d '*.samblog.com'
Agree to the logging of your server's IP:
NOTE: The IP of this machine will be publicly logged as having requested this certificate. If you're running certbot in manual mode on a machine that is not your server, please ensure you're okay with that. Are you OK with your IP being logged?
Next, you will be prompted to create a DNS TXT record for your domain:
Please deploy a DNS TXT record under the name _acme-challenge.samblog.com with the following value: j9fLDhjWEop28gwp_Sij8fiWijbpW83nSj299lfWhbo Before continuing, verify the record is deployed.
Go to your domain registrar account and add this TXT record. After that, wait until the record becomes visible. You can look up your DNS records with this tool.
If you asked for a wildcard or multi-domain certificate, then you will be prompted to add a DNS TXT record, one for each
When the DNS TXT record(s) become visible, press Enter to complete the procedure.
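One way to check visibility before pressing Enter, as an added example that is not part of the original post: it asks each authoritative nameserver directly and requires every expected value to be present, because for samblog.com plus *.samblog.com both values are published under the same name, _acme-challenge.samblog.com. The function names and the second TXT value are constructed for illustration, and dig is assumed to be installed.

```sh
#!/bin/sh
# Added example: confirm the ACME challenge value(s) are published before
# pressing Enter at the certbot prompt. Function names are illustrative.

# Reads `dig +short TXT` output on stdin (one quoted string per line) and
# succeeds only if EVERY expected value given as an argument is present.
txt_values_present() {
    [ "$#" -gt 0 ] || return 2
    answers=$(tr -d '"\r')
    for want in "$@"; do
        # -x: whole-line match, -F: literal; "--" because values may start with "-"
        printf '%s\n' "$answers" | grep -qxF -- "$want" || return 1
    done
}

# Asks each authoritative nameserver of the zone directly, so a cached
# answer from a recursive resolver cannot hide a record that is still missing.
# Needs dig and network access; defined here but not called at load time.
check_acme_txt() {
    zone=$1; shift
    servers=$(dig +short NS "$zone")
    [ -n "$servers" ] || { echo "no NS records for $zone" >&2; return 2; }
    for ns in $servers; do
        if dig +short TXT "_acme-challenge.$zone" "@$ns" | txt_values_present "$@"; then
            echo "ok      $ns"
        else
            echo "missing $ns"; return 1
        fi
    done
}

# Constructed sample answer for samblog.com plus *.samblog.com: two values
# under one name. The first is the value shown above; the second is made up.
SAMPLE_ANSWER='"j9fLDhjWEop28gwp_Sij8fiWijbpW83nSj299lfWhbo"
"CONSTRUCTED_wildcard_value_0000000000000000"'

if printf '%s\n' "$SAMPLE_ANSWER" | txt_values_present \
    "j9fLDhjWEop28gwp_Sij8fiWijbpW83nSj299lfWhbo" \
    "CONSTRUCTED_wildcard_value_0000000000000000"; then
    echo "both challenge values are visible"
fi
```

Run check_acme_txt samblog.com followed by the value(s) certbot printed; every nameserver should report ok before you press Enter.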
You will find your certificate and private key files at