How to deploy Let's Encrypt SSL certificates with Certbot.
Our infrastructure has Certbot installed, with automatic renewal set up via crontab.
Note! We assume Certbot is installed in /opt/certbot
and that Nginx is used.
List current certificates:
$ /opt/certbot/certbot-auto certificates
Create a new certificate:
$ /opt/certbot/certbot-auto certonly --webroot -w /var/www/example/ -d www.example.com
Renew a certificate:
$ /opt/certbot/certbot-auto renew --nginx
Create certificates without a web server (standalone mode; Nginx is stopped first so that Certbot can bind to port 80):
$ systemctl stop nginx
$ /opt/certbot/certbot-auto certonly --noninteractive --standalone -d www.example.com -d api.example.com --expand
When the site is protected with basic auth, the validation requests made back to your server during a Certbot run may be rejected with Access denied.
The solution is to let those requests pass without basic auth:
the path ${webroot-path}/.well-known/acme-challenge must always be
reachable over HTTP (port 80) without basic auth.
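One way to express this exemption in Nginx, as an added example that is not part of the original page. The server name and webroot are taken from the commands above; the htpasswd path and realm text are assumptions.

```nginx
server {
    listen 80;
    server_name www.example.com;

    # Basic auth applies to the whole vhost by default.
    auth_basic           "Restricted";          # assumed realm text
    auth_basic_user_file /etc/nginx/.htpasswd;  # assumed path

    # ACME HTTP-01 challenge files: always served without basic auth.
    # "^~" keeps regex locations elsewhere in the config from
    # capturing this prefix and re-applying authentication.
    location ^~ /.well-known/acme-challenge/ {
        auth_basic   off;
        root         /var/www/example;  # same directory passed to certbot -w
        default_type text/plain;
        try_files    $uri =404;         # serve existing token files only
    }

    # Everything else inherits the basic auth settings above.
    location / {
        root /var/www/example;
    }
}
```

Keep the exemption scoped to the challenge prefix only, so the rest of the site stays behind basic auth. After reloading Nginx, a request for a test file placed under that directory should succeed without credentials while a request for / still returns 401.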