Run these commands to install certbot:
snap install core
snap refresh core
snap install --classic certbot
ln -s /snap/bin/certbot /usr/bin/certbot
snap set certbot trust-plugin-with-root=ok
# make sure firewall port 80 is unblocked and no other software is running on port 80 already
certbot certonly --standalone
# verify certbot timer exists to renew certificate
systemctl list-timers
# run this to verify the renew command will work when the timer runs it:
certbot renew --dry-run
I mostly used this article to configure exim to use the letsencrypt certificate: https://www.geekrant.org/2017/04/16/install-exim4-starttls-using-a-free-letsencrypt-certificate/
I made a couple additions on my server to complete this.
Run these to create links so exim can find the current certificate:
ln -s /etc/letsencrypt/live/example.com/fullchain.pem /etc/exim4/exim.crt
ln -s /etc/letsencrypt/live/example.com/privkey.pem /etc/exim4/exim.key
Put a hook script here to fix the permissions after certbot renews a certificate:
vim /etc/letsencrypt/renewal-hooks/post/reset_letsencrypt_perms.sh
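#!/bin/bash
# certbot keeps the private key readable by root only. Grant the group read
# access; X adds search permission on directories without making the .pem
# files executable.
chmod -R g+rX /etc/letsencrypt/live/
chmod -R g+rX /etc/letsencrypt/archive/
# Hand both trees to the privkey_users group. This assumes that group already
# exists and that the user exim runs as is a member of it.
chgrp -R privkey_users /etc/letsencrypt/archive/
chgrp -R privkey_users /etc/letsencrypt/live
# END OF SCRIPT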
Make it executable:
chmod +x /etc/letsencrypt/renewal-hooks/post/reset_letsencrypt_perms.sh
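To confirm the hook left the key reachable by the group but closed to everyone else, the check below follows the symlink chain from /etc/exim4/exim.key through live/ into archive/. It is an added example, not part of the original post; the function names are made up for illustration and it assumes GNU stat and readlink.

```bash
#!/bin/bash
# Added example, not part of the original post. GNU stat/readlink assumed.

# dir_ok DIR GROUP: can a non-owner member of GROUP traverse DIR?
dir_ok() {
    local info mode grp bit=001                     # default: "other" x bit
    info=$(stat -c '%a %G' -- "$1") || return 1
    mode=${info%% *} grp=${info#* }
    [ "$grp" = "$2" ] && bit=010                    # group class applies instead
    [ $(( 0$mode & 0$bit )) -ne 0 ] ||
        { echo "FAIL $1: mode $mode group $grp blocks $2"; return 1; }
}

# key_ok FILE GROUP: owned by GROUP, group-readable, nothing for "other".
key_ok() {
    local info mode grp
    info=$(stat -c '%a %G' -- "$1") || return 1
    mode=${info%% *} grp=${info#* }
    [ "$grp" = "$2" ] || { echo "FAIL $1: group is $grp, expected $2"; return 1; }
    [ $(( 0$mode & 040 )) -ne 0 ] || { echo "FAIL $1: mode $mode not group-readable"; return 1; }
    [ $(( 0$mode & 007 )) -eq 0 ] || { echo "FAIL $1: mode $mode open to other"; return 1; }
}

# check_key_access LINK GROUP [ROOT]: walk the symlink chain hop by hop so the
# directories under both live/ and archive/ are checked, then check the key.
check_key_access() {
    local p=$1 group=$2 root=${3:-/etc/letsencrypt} rc=0 t d hops=0
    root=$(readlink -f -- "$root") || return 1
    while [ -L "$p" ] && [ "$hops" -lt 16 ]; do
        hops=$((hops + 1))
        t=$(readlink -- "$p")
        case $t in /*) p=$t ;; *) p=$(dirname -- "$p")/$t ;; esac
        d=$(readlink -f -- "$(dirname -- "$p")") || return 1
        while [ "${d#"$root"/}" != "$d" ]; do       # only directories below ROOT
            dir_ok "$d" "$group" || rc=1
            d=$(dirname -- "$d")
        done
    done
    [ -f "$p" ] || { echo "FAIL $1: does not resolve to a regular file"; return 1; }
    key_ok "$p" "$group" || rc=1
    return $rc
}

# On the server from this post (run as root):
#   check_key_access /etc/exim4/exim.key privkey_users
```

The function prints one FAIL line per problem and returns non-zero if any were found, so it can also run at the end of the renewal hook.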