Original post is here: eklausmeier.goip.de
Previously I used lefh to generate and update Let's Encrypt certificates for the Hiawatha webserver.
Unfortunately, this PHP script no longer works.
Therefore I installed certbot:
1pacman -S certbot-nginx
Updating my domains is like this:
1certbot --nginx -d eklausmeier.goip.de,klm.ddns.net,eklausmeier.mywire.org,klmport.no-ip.org,klm.no-ip.org
Its output is roughly
1Saving debug log to /var/log/letsencrypt/letsencrypt.log
2Requesting a certificate for eklausmeier.goip.de and 4 more domains
3
4Successfully received certificate.
5Certificate is saved at: /etc/letsencrypt/live/eklausmeier.goip.de/fullchain.pem
6Key is saved at: /etc/letsencrypt/live/eklausmeier.goip.de/privkey.pem
7This certificate expires on 2024-05-19.
8These files will be updated when the certificate renews.
Add the first two files in /etc/nginx/nginx.conf:
ssl_certificate /etc/letsencrypt/live/eklausmeier.goip.de/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/eklausmeier.goip.de/privkey.pem;
Check with nginx -t.
If all is OK, then restart with systemctl restart nginx.
Final check is with Qualys SSL Labs:
