This is an installer plugin for certbot. Whenever you generate a certificate with Let's Encrypt, it will save the certificate in a PKCS#12 archive.
To use this plugin, first follow the instructions to install certbot as well as this plugin and any other plugins that you need. For example, if you are installing certbot with pip, then run the following command:
pip install certbot certbot-dns-route53 certbot-pkcs12
Then, configure certbot by populating the configuration file
/etc/letsencrypt/cli.ini. Here is an example configuration for verifying
certificates using the certbot plugin
for AWS Route53:
# Example settings for cert verification using Route53
dns-route53 = true
domains = example.com
email = admin@example.com
agree-tos = true
no-eff-email = true
# PKCS12-specific settings
installer = pkcs12
pkcs12-location = /etc/pki/kafka/keystore.p12
pkcs12-phassphrase = snakeoil
Important note: Some software, such as Apache Kafka, cannot decode unencrypted PKCS12 files, so you should always set a PKCS12 passphrase, even if you are not using the PKCS12 encryption as a security boundary.
Finally, run certbot by executing the following command:
certbot