# To obtain a new certificate via webroot authorization, but do not install it automatically:
sudo certbot certonly --webroot --webroot-path <path/to/webroot> --domain <subdomain.example.com>

# To obtain a new certificate via nginx authorization, installing the new certificate automatically:
sudo certbot --nginx --domain <subdomain.example.com>

# To obtain a new certificate via apache authorization, installing the new certificate automatically:
sudo certbot --apache --domain <subdomain.example.com>

# To renew all Let's Encrypt certificates that expire in 30 days or less (don't forget to restart any servers that use them afterwards):
sudo certbot renew

# To simulate the obtaining of a new certificate, but don't actually save any new certificates to disk:
sudo certbot --webroot --webroot-path <path/to/webroot> --domain <subdomain.example.com> --dry-run

# To obtain an untrusted test certificate instead:
sudo certbot --webroot --webroot-path <path/to/webroot> --domain <subdomain.example.com> --test-cert