• Let's Encrypt ¹⁾
• Certbot ²⁾
• Realm of Espionage

• FreeBSD 16.0
• freenginx

su -

pkg install 'py311-certbot'

• Set email
• TODO: chat

su -

mkdir -p '/usr/local/etc/letsencrypt' && ee '/usr/local/etc/letsencrypt/cli-custom.ini'

verbose = 'true'
max-log-backups = '0'
text = 'true'
non-interactive = 'true'
standalone = 'true'
force-renewal = 'true'
agree-tos = 'true'

########################################
email = espionage724@x
########################################

no-eff-email = 'true'

rsa-key-size = '4096'
redirect = 'true'
hsts = 'true'
uir = 'true'
staple-ocsp = 'false'
key-type = 'ecdsa'
elliptic-curve = 'secp384r1'

domains = 'realmofespionage.xyz, wiki.realmofespionage.xyz, media.realmofespionage.xyz, blog.realmofespionage.xyz, social.realmofespionage.xyz, forums.realmofespionage.xyz, status.realmofespionage.xyz, files.realmofespionage.xyz, test.realmofespionage.xyz'

# End

• If it passes the dry run, remove the --dry-run argument and re-run

su -

certbot 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --dry-run

mkdir -p ~/'.local/scripts/www/certbot' && ee ~/'.local/scripts/www/certbot/certbot-renewal.sh' && chmod +x ~/'.local/scripts/www/certbot/certbot-renewal.sh'

#!/bin/sh

cd '/tmp'

'/usr/sbin/service' 'nginx' stop

'/usr/local/bin/certbot' 'certonly' --config '/usr/local/etc/letsencrypt/cli-custom.ini' --quiet

'/usr/sbin/service' 'nginx' start

# End

su 'root' -c ~/'.local/scripts/www/certbot/certbot-renewal.sh'

• Weekly (Sunday) 07:00:00 AM

su -

ee '/etc/cron.d/certbot-renewal'

#
SHELL=/bin/sh

0 7 * * sun root '/home/espionage724/.local/scripts/www/certbot/certbot-renewal.sh'

# End