Let's Encrypt & Certbot

Installation

Ubunutu
add-apt-repository ppa:certbot/certbot
apt-get update && apt-get install python-certbot
CentOS
yum install epel-release
yum install python-certbot certbot

Certbot

You must stop anything on port 443/80 before starting certbot

certbot certonly --standalone  -d example.com

You can use the crt/privkey from this path

ls /etc/letsencrypt/live/example.com
cert.pem chain.pem fullchain.pem privkey.pem README

If you need a DH for you web.conf you can do

openssl dhparam -out /etc/ssl/certs/dhparam.pem 2048
Renew crt
crontab -e
15 3 * * * /usr/bin/certbot renew --quiet

Wildcard certbot dns plugin

Install certbot nginx

apt install python3-pip
pip3 install certbot-dns-digitalocean
mkdir -p ~/.secrets/certbot/
vim ~/.secrets/certbot/digitalocean.ini

dns_digitalocean_token = XXXXXXXXXXXXXXX

Certbot config

certbot certonly --dns-digitalocean --dns-digitalocean-credentials ~/.secrets/certbot/digitalocean.ini -d www.domain.com
corontab -e

15 3 * * * /usr/bin/certbot renew --quiet