1.2.3 Let's encrypt https ui without Nginx or Apache2

I couldn’t find any laid out instructions for this and it’s missing from the install instructions so I thought I’d share.
This is without using Nginx or Apache2 so it was harder to find info on setting it up and I want the certs to renew automatically.
If you have nothing else running on port 80 you can run certbot in “standalone” mode. In standalone mode certbot will itself listen on port 80 for the authorization.
Make sure you have your domain name pointing at your server's IP.

sudo apt update
sudo apt install certbot

Change MyDomainExample.com everywhere below to your domain name

sudo certbot certonly --standalone --preferred-challenges http -d MyDomainExample.com

Enter your email address when prompted and answer the questions.

Edit the /opt/genieacs/genieacs.env and add these 2 lines


These permissions need to be changed to allow Genieacs to access the certificate and key. Hopefully these stay set on renewal or I’ll have to script it to reset them each renewal.

sudo chmod 710 /etc/letsencrypt/live/
sudo chmod 710 /etc/letsencrypt/archive/
sudo chgrp genieacs /etc/letsencrypt/live
sudo chgrp genieacs /etc/letsencrypt/archive
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/privkey.pem
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/fullchain.pem

To get the renewal to auto restart genieacs-ui, you need to edit /etc/letsencrypt/renewal/MyDomainExample.com.conf and add this as the last line

renew_hook = systemctl restart genieacs-ui

Test the renewal

sudo certbot renew --dry-run

Test gui with


You will also need this
Add a script containing the following to the /etc/letsencrypt/renewal-hooks/post/ folder and make it executable, to auto change permissions on new certificates after renewal

#!/bin/sh
# Re-apply directory and file permissions so genieacs can read the renewed certificate and key
chmod 710 /etc/letsencrypt/live/
chmod 710 /etc/letsencrypt/archive/
chgrp genieacs /etc/letsencrypt/live
chgrp genieacs /etc/letsencrypt/archive
chown genieacs /etc/letsencrypt/live/MyDomainExample.com/privkey.pem
chown genieacs /etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
# Record each run so renewals can be confirmed later
echo "CertRenew $(date)" >> /var/log/certrenew
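
An added example, not part of the original post: certbot runs renew_hook (deploy) commands right after each successful renewal and post hooks only after all renewal attempts, so this single deploy hook fixes permissions on the renewed key first and restarts genieacs-ui afterwards. Assumptions: the file name, the SERVICE_GROUP variable and the fix_lineage_perms function are hypothetical, and it grants group read access (mode 640) instead of the chown used in the post.

```shell
#!/bin/sh
# Added example: deploy hook, e.g. /etc/letsencrypt/renewal-hooks/deploy/genieacs-ui.sh
# (file name is an assumption). certbot exports RENEWED_LINEAGE, the
# /etc/letsencrypt/live/<domain> directory of the certificate just renewed.

SERVICE_GROUP="${SERVICE_GROUP:-genieacs}"   # group taken from the post's chgrp lines

# Give group $2 read access to the key and chain of lineage directory $1.
# Returns non-zero if the lineage or one of its files is missing.
fix_lineage_perms() {
    lineage=$1
    group=$2
    [ -d "$lineage" ] || { echo "no such lineage: $lineage" >&2; return 1; }

    for name in privkey.pem fullchain.pem; do
        # live/<domain>/*.pem are symlinks into archive/; act on the real file,
        # which gets a new name (privkey2.pem, ...) on every renewal.
        target=$(readlink -f "$lineage/$name") || return 1
        [ -f "$target" ] || { echo "missing $name in $lineage" >&2; return 1; }
        chgrp "$group" "$target" || return 1
        chmod 640 "$target" || return 1      # owner rw, group r, others nothing
    done

    # live/ and archive/: traversable by the group, closed to everyone else,
    # matching the chmod 710 / chgrp lines in the post.
    key_real=$(readlink -f "$lineage/privkey.pem")
    for dir in "$(dirname "$lineage")" "$(dirname "$(dirname "$key_real")")"; do
        chgrp "$group" "$dir" || return 1
        chmod 710 "$dir" || return 1
    done
}

# Only act when certbot invokes the hook; a manual run without the variable
# does nothing.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    # Restart only after the permissions are known to be correct.
    fix_lineage_perms "$RENEWED_LINEAGE" "$SERVICE_GROUP" || exit 1
    systemctl restart genieacs-ui
    echo "CertRenew $(date)" >> /var/log/certrenew
fi
```

With this in place the restart lives in the hook itself, so the renew_hook line in the renewal .conf would be redundant.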