Let’s Encrypt SSL Certificates

Installing certbot

aptitude install certbot

Running certbot

When no web server is installed, certbot can run its own simple web server (--standalone), so certificates can also be obtained for mail servers etc.:

certbot certonly --rsa-key-size 4096 --standalone \
  --pre-hook  "systemctl stop lighttpd opensmtpd dovecot" \
  --post-hook "cat /etc/letsencrypt/live/domain1.example/cert.pem /etc/letsencrypt/live/domain1.example/privkey.pem > /etc/letsencrypt/live/domain1.example/cert+privkey.pem && chmod 600 /etc/letsencrypt/archive/*/*.pem && systemctl start dovecot opensmtpd lighttpd" \
  -d domain1.example -d domain2...

Renewal

The certbot package ships its own cron and systemd entries, so no separate renewal mechanism is needed. The hooks can also be edited later in /etc/letsencrypt/renewal/domain1.example.conf
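
The post-hook above creates cert+privkey.pem with the shell's default umask, and its chmod only covers the files under archive/, not the combined file in live/. The following deploy-hook script is an added example, not part of the original page: it builds the same combined file with owner-only permissions and replaces it atomically. It assumes installation as an executable file in /etc/letsencrypt/renewal-hooks/deploy/; the script and function names are hypothetical, and restarting services is left to the existing hooks.

```shell
#!/bin/sh
# Added example, not from the original page. Assumed install path:
# /etc/letsencrypt/renewal-hooks/deploy/combine-pem.sh (hypothetical name).

# build_combined_pem LINEAGE_DIR
# Writes LINEAGE_DIR/cert+privkey.pem from cert.pem and privkey.pem.
build_combined_pem() {
    lineage=$1
    out="$lineage/cert+privkey.pem"

    # Refuse to produce a half-valid file if either input is missing or empty.
    for f in cert.pem privkey.pem; do
        [ -s "$lineage/$f" ] || { echo "missing or empty: $lineage/$f" >&2; return 1; }
    done

    # The subshell keeps the restrictive umask local. The temp file is 0600
    # from its creation, so the key is never readable by other users.
    (
        umask 077
        tmp=$(mktemp "$lineage/.cert+privkey.XXXXXX") || exit 1
        trap 'rm -f "$tmp"' EXIT
        cat "$lineage/cert.pem" "$lineage/privkey.pem" > "$tmp" || exit 1
        chmod 600 "$tmp"
        # rename is atomic within one filesystem: a daemon reading the file
        # sees either the old or the new version, never a truncated one.
        mv -f "$tmp" "$out"
    )
}

# certbot exports RENEWED_LINEAGE to deploy hooks
# (e.g. /etc/letsencrypt/live/domain1.example).
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    build_combined_pem "$RENEWED_LINEAGE"
fi
```

Deploy hooks run once per successfully renewed certificate, so the combined file is only rewritten when the certificate actually changed.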