• Let's Encrypt ¹⁾
• Certbot ²⁾
• Realm of Espionage

• Fedora Server
• nginx + PHP + PHP-FPM ³⁾

sudo dnf install 'certbot'

• Be sure to change the email address
• Any new domains added need to be added to Namecheap as well
• must-staple = true is disabled due to being incompatible with Firefox ⁴⁾

sudo mkdir -p '/etc/letsencrypt' && sudo -e '/etc/letsencrypt/cli-custom.ini'

verbose = true
text = true
non-interactive = true
standalone = true
force-renewal = true
agree-tos = true

email = espionage724@x
no-eff-email = true

rsa-key-size = 4096
redirect = true
hsts = true
uir = true
staple-ocsp = true

pre-hook = systemctl stop 'nginx'
post-hook = systemctl start 'nginx'

domains = realmofespionage.xyz, blog.realmofespionage.xyz, files.realmofespionage.xyz, media.realmofespionage.xyz, social.realmofespionage.xyz, test.realmofespionage.xyz, wiki.realmofespionage.xyz

• If it passes the dry run, remove the dry-run argument and re-run ⁵⁾

sudo 'certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --dry-run

sudo -e '/etc/systemd/system/certbot-renew-custom.service'

[Service]
Type=oneshot
ExecStart='/usr/bin/certbot' 'certonly' --config '/etc/letsencrypt/cli-custom.ini' --quiet
ExecStartPost='/usr/bin/sync'

sudo -e '/etc/systemd/system/certbot-renew-custom.timer' && sudo systemctl daemon-reload && sudo systemctl enable 'certbot-renew-custom.timer' --now

[Unit]
Description=Let's Encrypt Certificate Renewal
After=network-online.target
Wants=network-online.target

[Timer]
OnCalendar=weekly
Persistent=true

[Install]
WantedBy=multi-user.target