Letsencrypt Linux PMC Tactical

If you are grateful for all the work PMC has done in the past 25 years, use Support PMC page.

Letsencrypt

Add letsencrypt repository:

sudo apt-get install software-properties-common
sudo add-apt-repository ppa:certbot/certbot

Hit enter. Please note that to my recollection I didn't need to add this repository on Debian 12.7 system, hmm hmm!?

sudo apt-get update
sudo apt-get install python-certbot-apache

The certbot Let's Encrypt client is now ready to use.

SSL certificate. The first domain name in the list of parameters will be the base domain used by Let's Encrypt to create the certificate, and for that reason we recommend that you pass the bare top-level domain name as first in the list, followed by any additional subdomains or aliases:

sudo certbot --apache -d example.com -d www.example.com

This is per domain (unless I'm mistaken heh), so do it like:

certbot --apache -d example.com -d www.example.com
certbot --apache -d mydomain.com -d www.mydomain.com
certbot --apache -d coolsite.com -d www.coolsite.com

etc

Check if ssl https is working:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com&latest

Certbot renewal, dry run, a test:

certbot renew --dry-run

Auto renewal in crontab:

15 3 * * * /usr/bin/certbot renew --quiet

Also in Debian 12.7 system this crontab was added automatically upon installing Letsencrypt, so hmm.