Just few lines with the configuration I use for the automatic certificate renewal.
cat cli.ini # This is an example of the kind of things you can do in a configuration file. # All flags used by the client can be configured here. Run Let's Encrypt with # "--help" to learn more about the available options. # Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 # Always use the staging/testing server #server = https://acme-staging.api.letsencrypt.org/directory email = firstname.lastname@example.org domains= www.zarrelli.org text = True agree-tos = True authenticator = apache renew-by-default = true verbose = True # Uncomment to use the standalone authenticator on port 443 # authenticator = standalone # standalone-supported-challenges = tls-sni-01 # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. # authenticator = webroot # webroot-path = /usr/share/nginx/html
And this is the content of the root crontab
@monthly /usr/sbin/letsencrypt/letsencrypt-auto --config /etc/letsencrypt/cli.ini --no-redirect
That’s all folks!