====== Information ======
* Let's Encrypt ((https://letsencrypt.org/))
* Certbot ((https://certbot.eff.org/))
* [[information:realm_of_espionage|Realm of Espionage]]
===== Prerequisites =====
* [[bsd:server:freebsd_16.0|FreeBSD 16.0]]
* [[servers:bsd:freenginx_php_php-fpm|freenginx]]
====== Dependencies ======
su -
pkg install 'py311-certbot'
====== Settings ======
* :!: Set ''email''
su -
mkdir -p '/usr/local/etc/letsencrypt' && ee '/usr/local/etc/letsencrypt/cli-custom.ini'
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true
########################################
email = espionage724@x
########################################
no-eff-email = true
rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = false
domains = realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz
# End
====== Obtain Certs ======
* :!: If it passes the dry run, remove the ''--dry-run'' argument and re-run
su -
certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run
====== Scripts ======
===== Renewal =====
mkdir -p ~/'.local/scripts/www/certbot' && ee ~/'.local/scripts/www/certbot/certbot-renewal.sh' && chmod +x ~/'.local/scripts/www/certbot/certbot-renewal.sh'
#!/bin/sh
cd '/tmp'
'/usr/sbin/service' 'nginx' stop
'/usr/local/bin/certbot' 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --quiet
'/usr/sbin/service' 'nginx' start
# End
su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'
====== cron ======
===== Renewal =====
* Weekly (Sunday) ''07:00:00 AM''
su -
ee '/etc/cron.d/certbot-renewal'
#
SHELL=/bin/sh
0 7 * * sun root '/home/espionage724/.local/scripts/www/certbot/certbot-renewal.sh'
# End