DEV Community

丁久

Posted on • Originally published at dingjiu1989-hue.github.io

Certificate Management

This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.


Introduction

TLS certificate management is a critical operational responsibility. Expired certificates cause service outages, security warnings, and loss of user trust. Modern certificate management leverages the ACME protocol and Let's Encrypt to automate issuance and renewal at scale.

Let's Encrypt

Let's Encrypt is a free, automated, and open certificate authority (CA) that provides DV certificates trusted by all major browsers.

```bash
# Install Certbot (Let's Encrypt client) together with the nginx plugin
sudo apt install certbot python3-certbot-nginx

# Obtain a certificate with webroot (HTTP-01) authentication.
# Each -w names the document root that serves the -d domain that follows it,
# so the CA can fetch http://<domain>/.well-known/acme-challenge/<token>.
sudo certbot certonly --webroot \
  -w /var/www/example.com -d example.com \
  -w /var/www/api.example.com -d api.example.com \
  --email admin@example.com \
  --agree-tos \
  --non-interactive

# Obtain a certificate with the DNS-01 challenge (required for wildcards).
# The wildcard is quoted so the shell does not expand it as a glob.
sudo certbot certonly --manual \
  --preferred-challenges dns \
  -d example.com -d '*.example.com'
```
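Automated issuance only helps if renewal actually runs before expiry. The following is an added example (not part of the original article) that turns the `notAfter` line printed by `openssl x509 -noout -enddate` into an expiry report using certbot's default policy of renewing once fewer than 30 days remain. The certificate names, dates and the `now` reference time are constructed sample values; the `openssl` output format and the 30-day default are real.

```python
from datetime import datetime, timezone

# Constructed sample input: the subject name of each certificate paired with the
# notAfter line that `openssl x509 -in cert.pem -noout -enddate` prints for it.
SAMPLE_CERTS = [
    ("example.com", "notAfter=Jun 20 12:00:00 2025 GMT"),
    ("api.example.com", "notAfter=Apr 25 08:30:00 2025 GMT"),
    ("old.example.com", "notAfter=Mar  1 00:00:00 2025 GMT"),
]

# Constructed reference time for the report (real code would use datetime.now(timezone.utc)).
SAMPLE_NOW = datetime(2025, 4, 10, tzinfo=timezone.utc)

# certbot's default renew_before_expiry: renew when fewer than 30 days remain.
RENEW_BEFORE_DAYS = 30


def parse_not_after(line: str) -> datetime:
    """Parse an openssl 'notAfter=Mon DD HH:MM:SS YYYY GMT' line into an aware UTC datetime.

    openssl space-pads single-digit days ("Mar  1"); strptime tolerates the extra space.
    Anything that is not GMT is rejected rather than silently misread.
    """
    value = line.split("=", 1)[1].strip()
    if not value.endswith(" GMT"):
        raise ValueError(f"unexpected timezone in {line!r}")
    naive = datetime.strptime(value[: -len(" GMT")], "%b %d %H:%M:%S %Y")
    return naive.replace(tzinfo=timezone.utc)


def days_remaining(not_after: datetime, now: datetime) -> int:
    """Whole days until expiry; negative once the certificate has already expired."""
    return (not_after - now).days


def classify(days: int) -> str:
    """Map days remaining to an action: EXPIRED (outage now), RENEW (inside the window), OK."""
    if days < 0:
        return "EXPIRED"
    if days < RENEW_BEFORE_DAYS:
        return "RENEW"
    return "OK"


def expiry_report(certs, now):
    """Return (name, days_remaining, status) tuples, most urgent first."""
    rows = []
    for name, line in certs:
        days = days_remaining(parse_not_after(line), now)
        rows.append((name, days, classify(days)))
    return sorted(rows, key=lambda row: row[1])


if __name__ == "__main__":
    for name, days, status in expiry_report(SAMPLE_CERTS, SAMPLE_NOW):
        print(f"{status:8} {days:5d} days  {name}")
```

Run it against real output by replacing `SAMPLE_CERTS` with lines collected from your live certificates and `SAMPLE_NOW` with `datetime.now(timezone.utc)`; anything reported as `RENEW` or `EXPIRED` means the automated `certbot renew` job is not doing its work and should be investigated before the next outage.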

ACME Protocol

The Automated Certificate Management Environment (ACME) protocol automates certificate issuance, renewal, and revocation.

```python
import josepy as jose
from acme import client, messages
from cryptography import x509  # used when building the CSR later in the article
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import rsa


class ACMEClient:
    def __init__(self, directory_url, email):
        self.directory_url = directory_url
        self.email = email
        # Account key: generated fresh here; a real deployment persists and reloads it
        rsa_private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
        self.net = client.ClientNetwork(
            jose.JWKRSA(key=rsa_private_key),
            user_agent="acme-client-example",
        )
        # Discover the CA's endpoints from its directory URL and build an ACME v2 client
        directory = messages.Directory.from_json(self.net.get(directory_url).json())
        self.client = client.ClientV2(directory, net=self.net)
```
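The library hides the part of ACME that both certbot modes above depend on: how a challenge response is derived from the account key. The following is an added example (not the article's code and not the `acme` library's API) that implements that derivation with only the standard library: the RFC 7638 JWK thumbprint, the RFC 8555 key authorization that a webroot client writes under `.well-known/acme-challenge/`, and the digest that goes into the `_acme-challenge` TXT record for DNS-01. The account JWK and token are constructed sample values, not a real key; the `webroot` argument and function names are this example's own.

```python
import base64
import hashlib
import json
import re
from pathlib import Path

# Constructed sample account key in JWK form. The modulus is a placeholder string of
# valid base64url characters, not a real RSA key; only its thumbprint matters here.
ACCOUNT_JWK = {
    "kty": "RSA",
    "e": "AQAB",
    "n": "constructed-sample-modulus-not-a-real-key",
    "alg": "RS256",  # not part of the thumbprint input
}

# Constructed sample challenge token (real ones are base64url strings chosen by the CA).
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"

_TOKEN_RE = re.compile(r"^[A-Za-z0-9_-]+$")


def b64url(data: bytes) -> str:
    """Base64url without padding, as ACME (RFC 8555) and JWK thumbprints (RFC 7638) require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def jwk_thumbprint(jwk: dict) -> str:
    """RFC 7638 thumbprint: SHA-256 over only the required public members, serialised
    with lexicographically sorted keys and no whitespace. Extra members such as alg or kid
    are ignored, so the thumbprint is stable across different encodings of the same key."""
    required = {"RSA": ("e", "kty", "n"), "EC": ("crv", "kty", "x", "y")}[jwk["kty"]]
    canonical = json.dumps({k: jwk[k] for k in required}, sort_keys=True, separators=(",", ":"))
    return b64url(hashlib.sha256(canonical.encode("utf-8")).digest())


def key_authorization(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.1: keyAuthorization = token || '.' || thumbprint(accountKey)."""
    return f"{token}.{jwk_thumbprint(account_jwk)}"


def http01_challenge_path(webroot: str, token: str) -> Path:
    """Path a webroot client must serve as /.well-known/acme-challenge/<token>.

    The token comes from the CA's response, so it is validated against the base64url
    alphabet before being used as a file name; this keeps a malformed token from
    escaping the challenge directory.
    """
    if not _TOKEN_RE.match(token):
        raise ValueError(f"invalid ACME token: {token!r}")
    return Path(webroot) / ".well-known" / "acme-challenge" / token


def provision_http01(webroot: str, token: str, account_jwk: dict) -> Path:
    """Write the key authorization where the CA will fetch it over plain HTTP on port 80."""
    path = http01_challenge_path(webroot, token)
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(key_authorization(token, account_jwk), encoding="ascii")
    return path


def dns01_txt_value(token: str, account_jwk: dict) -> str:
    """RFC 8555 section 8.4: the TXT record at _acme-challenge.<domain> carries
    base64url(SHA-256(keyAuthorization)). This is the record the --manual DNS flow
    above asks you to publish, and the only challenge type allowed for wildcards."""
    digest = hashlib.sha256(key_authorization(token, account_jwk).encode("ascii")).digest()
    return b64url(digest)


if __name__ == "__main__":
    import tempfile

    with tempfile.TemporaryDirectory() as webroot:
        written = provision_http01(webroot, SAMPLE_TOKEN, ACCOUNT_JWK)
        print("HTTP-01 file:", written)
        print("HTTP-01 body:", written.read_text())
    print("DNS-01 TXT  :", dns01_txt_value(SAMPLE_TOKEN, ACCOUNT_JWK))
```

Two points the code makes concrete: the HTTP-01 file body contains the account key's thumbprint, so it proves control of the host and of the ACME account at the same time, and the DNS-01 value is only a hash of that string, which is why it can be published in public DNS without revealing the key authorization itself.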


Read the full article on AI Study Room for complete code examples, comparison tables, and related resources.
