Export client certificate from Let's Encrypt certificates

ssl lets-encrypt certbot
9,557

Solution 1

You need to keep /etc/letsencrypt/live/my-client-server-domain/privkey.pem private as it contains the private key for your certificate.

You can hand out one ofthese two files:

/etc/letsencrypt/live/my-client-server-domain/chain.pem
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem

You might want to share the /etc/letsencrypt/live/my-client-server-domain/fullchain.pem as it contains intemediate certificates if those were used by Let's Encrypt. The recipient can extract your certificate from it in case it is needed.

Solution 2

Use the certbot certificates sub command to display your certificate files if you don't exactly know which file(s) you need. You can use the -d [hostname] option if you have more than hostname/domainname configured: 

certbot certificates -d www.example.com

Saving debug log to /var/log/letsencrypt/letsencrypt.log

-------------------------------------------------------------------------------
Found the following matching certs:

  Certificate Name: server.example.com
    Domains: server.example.com mail.example.com www.example.com example.com
    Expiry Date: 2018-09-30 12:45:28+00:00 (VALID: 82 days)
    Certificate Path: /etc/letsencrypt/live/server.example.com/fullchain.pem   <====
    Private Key Path: /etc/letsencrypt/live/server.example.com/privkey.pem


-------------------------------------------------------------------------------

In any public key cryptography you only need to keep the aptly named "Private Key" data private and secure, and you can (and usually must) share the public key/certificate freely, so share the fullchain.pem file from what certbot calls the "certificate path".

Share:
9,557

Related videos on Youtube

Alfred Balle
Author by

Alfred Balle

Updated on September 18, 2022

Comments

  • Alfred Balle
    Alfred Balle over 1 year

    I'm running Debian and have certbot for creating Let's Encrypt certificate.

    I act as client towards a TLS server, and needs to handover my client certificate for approval.

    I've got the following files generated by certbot:

    /etc/letsencrypt/live/my-client-server-domain/privkey.pem
/etc/letsencrypt/live/my-client-server-domain/fullchain.pem
/etc/letsencrypt/live/my-client-server-domain/chain.pem

    Which certificate should I handover, and is it safe to share public?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

How to setup Letsencrypt for Google Cloud Compute Engine load balancer?
Certbot - Could not find a suitable TLS CA certificate bundle [Archlinux]
Certbot (LetsEncrypt) on custom port (Nginx OR apache)
NGINX + Let's encrypt: Could not automatically find a matching server block
Certbot not found
How to stop renewing a letsencrypt/certbot certificate?
No package certbot available
NGINX - "server" directive is not allowed here
How to install cert-bot/letsencypt on Ubuntu?
Nginx Nextcloud too many redirects