====== Information ======

  * Let's Encrypt
  * Certbot
  * [[information:realm_of_espionage|Realm of Espionage]]

===== Prerequisites =====

  * [[linux:distros:server:opensuse_tumbleweed_server|openSUSE Tumbleweed (Server)]]
  * [[servers:linux:nginx_php_php-fpm|nginx]]

====== Dependencies ======

  sudo zypper install 'python313-certbot'

====== Settings ======

  sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'

  verbose = 'true'
  max-log-backups = '0'
  text = 'true'
  non-interactive = 'true'
  standalone = 'true'
  force-renewal = 'true'
  agree-tos = 'true'
  ########################################
  email = espionage724@x
  ########################################
  no-eff-email = 'true'
  rsa-key-size = '4096'
  redirect = 'true'
  hsts = 'true'
  uir = 'true'
  staple-ocsp = 'false'
  key-type = 'ecdsa'
  elliptic-curve = 'secp384r1'
  pre-hook = systemctl stop 'nginx'
  post-hook = systemctl start 'nginx'
  domains = 'realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz'
  # End

====== Obtain Certs ======

  * :!: If it passes the dry run, remove the dry-run argument and re-run

  sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run

  sudo systemctl stop 'nginx'

====== Automatic Cert Renewal ======

===== Service =====

  sudo -e '/etc/systemd/system/certbot-renew-custom.service'

  [Service]
  Type=oneshot
  WorkingDirectory=/etc/letsencrypt
  ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
  ExecStartPost='/usr/bin/sync'
  # End

===== Timer =====

  * Weekly (Sunday) ''07:00:00 AM''

  sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now

  [Unit]
  Description=Let's Encrypt Certificate Renewal
  After=network-online.target
  Wants=network-online.target
  [Timer]
  OnCalendar=Sun *-*-* 07:00:00
  Persistent=true
  [Install]
  WantedBy=multi-user.target
  # End

  sudo systemctl start 'certbot-renew-custom' && sudo systemctl status 'certbot-renew-custom' -l
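
Added example (not from the original page): after a real (non-dry-run) issuance or a timer-driven renewal, this checks that every name on the ''domains'' line of ''cli-custom.ini'' is present in the certificate's SAN list. The function names are hypothetical and the sample data is constructed; for a real check, the SAN text is assumed to be the saved output of ''openssl x509 -noout -ext subjectAltName'' run on the issued certificate.

```shell
#!/bin/sh
# Added example, not part of the original page. Function names are hypothetical.

# Print the names from the "domains = '...'" line of a certbot ini file, one per line.
config_domains() {
    sed -n 's/^[[:space:]]*domains[[:space:]]*=//p' "$1" |
        tr -d "'\"" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//; /^$/d' | sort -u
}

# Read `openssl x509 -noout -ext subjectAltName` output on stdin, print the DNS names.
san_domains() {
    tr ',' '\n' | sed -n 's/^[[:space:]]*DNS:\([^[:space:]]*\).*$/\1/p' | sort -u
}

# missing_from_cert INI_FILE SAN_TEXT_FILE
# Prints each configured name the certificate does not list (exact match only,
# so a wildcard SAN is not expanded). Returns 1 if any name is missing.
missing_from_cert() {
    san_list=$(san_domains < "$2")
    missing=$(config_domains "$1" | while IFS= read -r name; do
        printf '%s\n' "$san_list" | grep -qxF -- "$name" || printf '%s\n' "$name"
    done)
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample: three configured names, a certificate that carries two.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' "key-type = 'ecdsa'" \
        "domains = 'example.org, wiki.example.org, files.example.org'" > "$dir/cli.ini"
    printf '%s\n' 'X509v3 Subject Alternative Name: ' \
        '    DNS:example.org, DNS:wiki.example.org' > "$dir/san.txt"
    rc=0
    missing_from_cert "$dir/cli.ini" "$dir/san.txt" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "certificate does not cover the name(s) listed above"
```

A non-zero return from ''missing_from_cert'' means a name was added to the config after the last successful issuance, or that issuance for the full list failed.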