Installing certbot
aptitude install certbot
Running certbot
Certbot can use its own simple webserver when no webserver is installed so that certificates for mail servers etc. can be obtained:
certbot certonly --rsa-key-size 4096 --standalone \ --pre-hook "systemctl stop lighttpd opensmtpd dovecot" \ --post-hook "cat /etc/letsencrypt/live/domain1.example/cert.pem /etc/letsencrypt/live/domain1.example/privkey.pem > /etc/letsencrypt/live/domain1.example/cert+privkey.pem && chmod 600 /etc/letsencrypt/archive/*/*.pem && systemctl start dovecot opensmtpd lighttpd" \ -d domain1.example -d domain2...
Renewal
The certbot packages provides its own entries for cron and systemd thus no own mechanism is needed. Hook mechanism can be later edited also in /etc/letsencrypt/renewal/domain1.example.conf