====== Information ======

  * Let's Encrypt ((https://letsencrypt.org))
  * Certbot ((https://certbot.eff.org))
  * [[Information:Realm of Espionage]]

===== Prerequisites =====

  * [[bsd:server:freebsd_15.0|FreeBSD 15.0]]
  * [[servers:bsd:freenginx_php_php-fpm|freenginx]]

====== Dependencies ======

  su -

  pkg install 'py311-certbot'

====== Settings ======

  * :!: Set email

  su -

  mkdir -p '/usr/local/etc/letsencrypt' && ee '/usr/local/etc/letsencrypt/cli-custom.ini'

<code>
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##################################################
email = espionage724@x
##################################################

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = false

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, forums.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz

# End</code>

====== Obtain Certs ======

  * :!: If it passes the dry run, remove the ''--dry-run'' argument and re-run

  su -

  certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run

====== Scripts ======

===== Renewal =====

  mkdir -p ~/'.local/scripts/www/certbot' && ee ~/'.local/scripts/www/certbot/certbot-renewal.sh' && chmod +x ~/'.local/scripts/www/certbot/certbot-renewal.sh'

<code>
#!/bin/sh

service 'nginx' stop

certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --quiet

service 'nginx' start

# End</code>

  ~/'.local/scripts/www/certbot/certbot-renewal.sh'

  su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'

  ssh '192.168.1.152' -t "su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'"

====== Automatic Cert Renewal ======

  * TODO