Table of Contents

Information

Prerequisites

Dependencies

sudo dnf install 'certbot'

Settings

sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'
verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##########
#CHANGEME#
##########

email = espionage724@x

##########
#CHANGEME#
##########

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = true

pre-hook = systemctl stop 'nginx'
post-hook = systemctl start 'nginx'

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz, wow.realmofespionage.xyz

# End

Obtain Certs

sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run

Automatic Cert Renewal

Disable Existing

sudo systemctl disable --now 'certbot-renew' 'certbot-renew.timer'

Service

sudo -e '/etc/systemd/system/certbot-renew-custom.service'
[Service]
Type=oneshot
ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
ExecStartPost='/usr/bin/sync'

# End

Timer

sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now
[Unit]
Description=Let's Encrypt Certificate Renewal
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=multi-user.target

# End
3)
Certbot doesn't necessarily require nginx; if not using nginx then port 443/tcp likely needs to be opened and pre/post-hooks/service restarting changed
4)
last tested 2019/06/28 with Firefox 67.0.4; it didn't work; likely a config error on my part since this hasn't worked at all since 2018
5)
the dry run will likely fail the nginx restart step since the certs don't actually exist yet