Information

Let's Encrypt ¹⁾
Certbot ²⁾
Realm of Espionage

Prerequisites

Dependencies

sudo zypper install 'python313-certbot'

Settings

sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'

# letsencrypt/cli-custom.ini

verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

##########
#CHANGEME#
##########

email = espionage724@x

##########
#CHANGEME#
##########

no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = true

pre-hook = systemctl stop 'nginx'
post-hook = systemctl start 'nginx'

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, wiki.realmofespionage.xyz

# End

Obtain Certs

If it passes the dry run, remove the dry-run argument and re-run ³⁾

sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run

Automatic Cert Renewal

Service

sudo -e '/etc/systemd/system/certbot-renew-custom.service'

# certbot-renew-custom.service

[Service]
Type=oneshot
ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
ExecStartPost='/usr/bin/sync'

# End

Timer

sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now

# certbot-renew-custom.timer

[Unit]
Description=Let's Encrypt Certificate Renewal
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=multi-user.target

# End

¹⁾

https://letsencrypt.org

²⁾

https://certbot.eff.org

³⁾

the dry run will likely fail the nginx restart step since the certs don't actually exist yet

Table of Contents

Information

Prerequisites

Dependencies

Settings

Obtain Certs

Automatic Cert Renewal

Service

Timer