certbot is a program from Let's Encrypt that automates the certification process. The command you published generates a certificate signing request (CSR) for the domains www.your_domain. Let's Encrypt servers try to contact your instance of certbot through those domains. If successful, this proves that you really own those domains and are therefore eligible to generate certificates for them.
It also automatically configures nginx to serve over HTTPS and use these certificates. These certificates will be accepted as legitimate by all modern browsers.
dotenv generates a self-signed certificate. These are useful for development purposes, where you don't expect someone to try and forge your connection. Most likely, you connect to
As a result, while those certificates are real certificates that you can use to test your HTTPS configuration, all browsers will warn you that these certificates are not trusted. You can ignore these warnings, and some browsers even offer options to ignore untrusted certificates on localhost (for example, Chrome's allow-insecure-localhost flag), or you can manually mark this certificate as verified.
Of course, the purpose of such certificates is debugging and testing. You should never use such certificates in a production environment.
Do they work on web servers or web applications?
The task of a web server is to handle incoming connections, parse the HTTP request and then pass it to the web application. Therefore, the server is the one that handles TLS matters, such as which version of TLS and which encryption to offer.
You could, in theory, let a web application do that, but why would you? The application focuses on what a user does, not on the technical core of the connection.
Can you exchange both?
dotenv They are not linked to Ubuntu. You can use each application as you see fit for your use case, as described above.
certbot generates a certificate ready for production, but requires an external domain.
dotenv generates a self-signed certificate for development. This is not for production use, but can be generated on your own.
Your web server is the one that handles everything related to certificates and TLS. Your web application is the one that handles logic. It is completely independent of whether it is called through HTTP or HTTPS.
You can use any dotenv, or even openssl to generate a self-signed certificate. The choice is based on what you need from a certificate.
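
An added example (not part of the original answer) of the openssl route mentioned above: it creates a throwaway self-signed certificate for localhost, confirms that subject and issuer are the same, and shows that it fails verification against the system CA store but passes once the certificate itself is supplied as a trust anchor, which is what manually marking it as verified amounts to. The function names, key size, 7-day lifetime and temporary paths are choices made for this example, and it assumes OpenSSL 1.1.1 or later for -addext.

```shell
#!/bin/sh
# Added example, not from the original answer. Function names, key size,
# lifetime and paths are choices made here. Needs OpenSSL 1.1.1+ (-addext).

# Create a throwaway key and self-signed certificate for localhost in dir $1.
make_self_signed() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -days 7 -subj "/CN=localhost" \
        -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" 2>/dev/null
}

# Self-signed means the certificate names itself as issuer: compare name hashes.
is_self_signed() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Does the chain end at a CA in the system trust store? (What a browser asks.)
trusted_by_system() {
    openssl verify "$1" >/dev/null 2>&1
}

# Same check, but with the certificate itself supplied as a trust anchor,
# the equivalent of manually marking it as trusted on one machine.
trusted_when_pinned() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

demo() {
    dir=$(mktemp -d) || return 1
    make_self_signed "$dir" || { rm -rf "$dir"; return 1; }
    is_self_signed "$dir/cert.pem"      && echo "subject == issuer: self-signed"
    trusted_by_system "$dir/cert.pem"   || echo "system CA store: rejected"
    trusted_when_pinned "$dir/cert.pem" && echo "pinned as trust anchor: accepted"
    rm -rf "$dir"
}
demo
```

The private key is written unencrypted (-nodes), which is acceptable only because the certificate is disposable and never leaves the development machine.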