====== Information ======

  * Let's Encrypt ((https://letsencrypt.org))
  * Certbot ((https://certbot.eff.org))
  * [[Information:Realm of Espionage]]

===== Prerequisites =====

  * [[bsd:server:freebsd_14.2|FreeBSD 14.2]]
  * [[servers:bsd:nginx_php_php-fpm|nginx + PHP + PHP-FPM]]

====== Dependencies ======

  su -

  pkg install 'py311-certbot'

====== Settings ======

  *  :!: Be sure to change the email address

  su -

  ee '/usr/local/etc/letsencrypt/cli-custom.ini'

<code>
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##########
#CHANGEME#
##########

email = espionage724@x

##########
#CHANGEME#
##########

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = false

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz

# End</code>

====== Obtain Certs ======

  * :!: If it passes the dry run, remove the dry-run argument and re-run ((the dry run will likely fail the nginx restart step since the certs don't actually exist yet))

  su -

  certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run

===== Temp Commands =====

  * TODO: service stop nginx, above no dry-run

====== Automatic Cert Renewal ======

  * TODO