certbot letsencrypt OS

Generating a PFX cert with certbot and openssl

That was a long title.

Now, down to business. I ran these commands on macOS so they may vary a bit if you’re on another OS.

After installing certbot, go ahead and generate a new cert using:

certbot certonly --manual --preferred-challenges dns --email --domains

This will give you a DNS challenge which basically means adding a TXT record to your domain, please double check the new record has been propagated before continuing, I use the following website:

After that, certbot will tell you where the files were saved, I recommend copying them out of /etc/.

You can now generate the PFX cert using openssl:

openssl pkcs12 -export -out certificate_fullchain.pfx -inkey privkey.pem -in fullchain.pem

Leave a Reply