Low End Box and @Not_Oles thank Porkbun and Eddie Barksdale for providing this guest post about Certbun, Porkbun’s alternative to Certbot. “Why should I use Certbun rather than Certbot,” you ask? @Not_Oles answers, “Porkbun support is for sure the best!”
Every site should have an SSL certificate, but if you’ve ever used Certbot to generate a free Let’s Encrypt certificate, you know that it can be clunky at best. That’s why we automated the process of generating a wildcard certificate from Let’s Encrypt. If you’re using our own hosting, it’s also installed and updated automatically, so you never have to think about it.
Of course, if you’re running a VPS or your own home lab setup, you still have to download and install the certificates to your web server. And since Let’s Encrypt certificates expire every 90 days, that means you’re constantly having to update your SSL every couple of months.
Enter Certbun. Certbun is a lightweight Python script that uses the Porkbun API to download your SSL bundle, loads it in the correct location on your server, and then reloads your server to install it. The only requirements are that your domain is registered with us, using our nameservers, and your server is able to run Python. This should work on pretty much any OS, including Linux, Windows, Mac, and FreeBSD.
Set Up Certbun At Porkbun
To get started, first make sure your Porkbun account is set up for API access by verifying your email address and phone number inside your Porkbun account settings. From there, navigate to your Porkbun domain management, find the domain you’re wanting to use, and open up Details. Double-check that you’re using Porkbun’s nameservers and your SSL is already generated (it should read as “Have Certificate”). Then just click on the toggle for API Access to enable it for the domain.
Obtain API Key From Porkbun
After that, click on ACCOUNT in the upper right corner, then API Access, and create an API Key. Save the Secret Key to a secure location, as you won’t be able to see this again from your account without regenerating the key.
Set Up Your Server
On your server, make sure you have at least Python 2.7 setup on your machine, and Python’s package manager, PIP. From there, run
pip install requests
to install the requests package for Python.
Grab a copy of Certbun (https://github.com/porkbundomains/certbun) from Porkbun’s public Github, and unpack it somewhere secure on your machine that isn’t publicly accessible, otherwise you might accidentally expose your API key.
Next, rename “config.json.example” to just “config.json,” then open it in your favorite text editor. Paste in both the private and public API keys you generated from earlier, define your root domain in the domain field, add the locations and file names of where your four certificates will be installed (note: depending on your web server, you may not need the public and intermediate keys, you can just enter “/dev/null” if that’s the case), and lastly specify the command needed to reload or restart your hosting service.
Testing
To test the client, type the following:
python certbun.py config.json
If all goes according to plan, it should just work.
Finally, set up a recurring process to run the Certbun script. Most commonly, this would be accomplished via a cron job if you’re on Unix. On our end, certificates are regenerated automatically about 15 days before the old ones expire, thus an interval of once a week to run Certbun should be more than enough to make sure you’ve always got a valid certificate.
An offer
Wanna get started with Porkbun? You can sign up for a Porkbun account here and use coupon code LOWENDBOX22 for $1 off a new registration.
Related Posts:
Let's Encrypt Retiring Expiration Emails: Three Quick Solutions to Fill the Gap
.net Domain Registrations: As Cheap as $1.88!
Get a FREE .pro Domain from Porkbun!
How SquareSpace Badly Overpaid for Google Domains
How to Immediately Transfer a Domain Out of InternetBS.net with No Waiting Period
Indian ISPs Block NameCheap, Dynadot, Tucows, Sarek, and Gransy
It feels like just yesterday—but it was actually fifty years ago—that I stood in a doorway, watching yard after yard of ASCII art scroll out of a Teletype Model 33, surrounded by a group of laughing, wide-eyed tech enthusiasts. That was my first taste of computing, and I’ve been hooked ever since.
My Low End Adventure began right here on LowEndBox, when I stumbled across the perfect deal on a dedicated server from OVH a few years ago. That moment opened the door to a whole new world of tinkering, learning, and community.
Today, I’m the proud owner of Darkstar—a lovingly maintained antique server currently colocated in Dallas, Texas at LevelOneServers.com. She may be older than most, but she runs like a champ and has taught me more than a few lessons about hardware and humility.
In addition to writing for LowEndBox and helping out as a moderator on LowEndTalk, I spend my time exploring the worlds of programming, networking, and Linux system administration. There’s always something new to learn—and luckily, the LowEnd community is filled with brilliant, generous people who are more than willing to teach.
All these years later, I’m still learning, still experimenting, and still having a blast.
It’s very, very fun here on the Low End… isn’t it? 😊
thank you