Installation
Generating and Renewing SSL Certificates with Certbot
Guide to Installing, Generating, and Renewing SSL Certificates with Certbot and Third-Party CAs on UTMStack Servers
IMPORTANT: Replace your-domain with the actual domain of your UTMStack Service, e.g., .yourdomain.com.
1. Generate SSL Certificate with Certbot
Install Certbot and Nginx (Required only for Method 1 and 2)
Pause the frontend container
Start Nginx
Method 1 – Certbot with Nginx (No DNS Validation). This is the recommended method for simplicity and automation.
Method 2 – Certbot Manual with DNS Validation. Use this if a DNS challenge is required.
Create the DNS TXT record. Access your DNS management console and add a TXT record:
- Type: TXT
- Name: _acme-challenge.your-domain
- Value: (provided by Certbot)
Wait for DNS propagation before continuing.
Method 3 – Using Certificates from a Trusted Certificate Authority (CA)
Use this method if you already have an SSL certificate issued by a third-party CA (e.g., DigiCert, GoDaddy, etc.). This method does not require Nginx or Certbot.
Replace existing certificates
1. Copy the provided certificate and private key files:
Stop the frontend container. Use docker ps to identify the container ID:
Restart the frontend container or related services if necessary.
Stop and Disable Nginx (Only if used for Method 1 or 2)
2. Renew SSL Certificate (for Certbot methods only). Renewal is recommended every 60–90 days.
Pause the frontend container
Start Nginx
Renew Certbot Certificates
Stop and Disable Nginx
Update Certificates in UTMStack
Stop the frontend container
Final Notes
- Certbot stores your certificates at: /etc/letsencrypt/live/your-domain/
- Check expiration with:
- Ensure your DNS provider supports TXT records for Method 2 – DNS Validation.
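Added example, not part of the original guide and not UTMStack or Certbot tooling: a shell pre-flight check to run before replacing the existing certificates (Method 3) or after a renewal. It confirms that the private key belongs to the certificate, that the certificate covers your domain, and that it is not about to expire. The function names, the 30-day default and the demo domain utm.example.test are assumptions; fullchain.pem and privkey.pem are the file names Certbot writes under /etc/letsencrypt/live/your-domain/.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair before deploying it.
# Requires the openssl command-line tool (1.1.1 or newer).

# spki_sha256: SHA-256 of the PEM public key on stdin, in canonical DER form.
spki_sha256() {
    openssl pkey -pubin -outform DER 2>/dev/null | openssl dgst -sha256 | awk '{print $NF}'
}

# check_tls_pair CERT KEY DOMAIN [MIN_DAYS]
# Returns 0 only if CERT parses, KEY is its private key, CERT covers DOMAIN,
# and CERT stays valid for MIN_DAYS more days (default 30, an assumed threshold).
# For a chain file such as fullchain.pem, openssl reads the first (leaf) cert.
check_tls_pair() {
    cert=$1 key=$2 domain=$3 min_days=${4:-30}

    openssl x509 -in "$cert" -noout 2>/dev/null ||
        { echo "FAIL: $cert is not a readable X.509 certificate" >&2; return 1; }

    # Same public key on both sides means the key belongs to this certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | spki_sha256)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null | spki_sha256)
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: private key does not match certificate" >&2; return 2; }

    # -checkhost always exits 0, so the verdict is read from its output line.
    openssl x509 -in "$cert" -noout -checkhost "$domain" |
        grep -q "does match certificate" ||
        { echo "FAIL: certificate does not cover $domain" >&2; return 3; }

    openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within $min_days days" >&2; return 4; }

    echo "OK: $(openssl x509 -in "$cert" -noout -enddate)"
}

# make_demo_pair DIR DOMAIN DAYS: constructed throwaway self-signed pair,
# only for trying the checks offline. Never deploy it.
make_demo_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=$2" \
        -addext "subjectAltName=DNS:$2" \
        -keyout "$1/privkey.pem" -out "$1/fullchain.pem" 2>/dev/null
}

# Script use: ./check.sh CERT KEY DOMAIN [MIN_DAYS]
if [ "$#" -ge 3 ]; then check_tls_pair "$@"; fi
```

A non-zero return code identifies which check failed (1 unreadable certificate, 2 key mismatch, 3 wrong domain, 4 expiring soon), so the script can gate the copy step in a renewal job.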