Installing certbot

aptitude install certbot

Running certbot

Certbot can use its own simple webserver when no webserver is installed so that certificates for mail servers etc. can be obtained:

certbot certonly --rsa-key-size 4096 --standalone \
  --pre-hook  "systemctl stop lighttpd opensmtpd dovecot" \
  --post-hook "cat /etc/letsencrypt/live/domain1.example/cert.pem /etc/letsencrypt/live/domain1.example/privkey.pem > /etc/letsencrypt/live/domain1.example/cert+privkey.pem && chmod 600 /etc/letsencrypt/archive/*/*.pem && systemctl start dovecot opensmtpd lighttpd" \
  -d domain1.example -d domain2...

Renewal

The certbot packages provides its own entries for cron and systemd thus no own mechanism is needed. Hook mechanism can be later edited also in /etc/letsencrypt/renewal/domain1.example.conf