I couldn’t find any laid out instructions for this and it’s missing from the install instructions so I thought I’d share.
This is without using Nginx or Apache2 so it was harder to find info on setting it up and I want the certs to renew automatically.
If you have nothing else running on port 80 you can run certbot in “standalone” mode. In standalone mode certbot itself will listen on port 80 for the authorization.
Make sure you have your domain name pointing at your server’s IP.
sudo apt update
sudo apt install certbot
Change MyDomainExample.com everywhere below to your domain name
sudo certbot certonly --standalone --preferred-challenges http -d MyDomainExample.com
Enter your email address when prompted and answer the questions.
Edit /opt/genieacs/genieacs.env and add these 2 lines:
GENIEACS_UI_SSL_CERT=/etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
GENIEACS_UI_SSL_KEY=/etc/letsencrypt/live/MyDomainExample.com/privkey.pem
These permissions need to be changed to allow GenieACS to access the certificate and key. Hopefully these stay set on renewal or I’ll have to script it to reset them each renewal.
sudo chmod 710 /etc/letsencrypt/live/
sudo chmod 710 /etc/letsencrypt/archive/
sudo chgrp genieacs /etc/letsencrypt/live
sudo chgrp genieacs /etc/letsencrypt/archive
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/privkey.pem
sudo chown genieacs /etc/letsencrypt/live/MyDomainExample.com/fullchain.pem
To get the renewal to automatically restart genieacs-ui, you need to edit /etc/letsencrypt/renewal/MyDomainExample.com.conf and add this as the last line:
renew_hook = systemctl restart genieacs-ui
Test the renewal
sudo certbot renew --dry-run
Test gui with
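Added example, not part of the original post: a certbot deploy hook that re-applies read access for the genieacs group to the renewed key and chain and then restarts genieacs-ui, covering the case where permissions do not survive a renewal. It assumes the hook file name below, and it grants group read (mode 0640, owner left unchanged) instead of the chown used in the post, so the service can read the key but not modify it.

```shell
#!/bin/sh
# Added example: certbot deploy hook, e.g. saved (and made executable) as
# /etc/letsencrypt/renewal-hooks/deploy/genieacs-ui.sh (file name is an assumption).
# certbot sets RENEWED_LINEAGE to /etc/letsencrypt/live/<domain> for deploy hooks.

SERVICE_GROUP="${SERVICE_GROUP:-genieacs}"   # group used in the post's chgrp commands

# Give the service group read access to the renewed key and chain.
# $1 = lineage directory, $2 = group name or numeric GID.
fix_lineage_perms() {
    lineage=$1
    group=$2
    for name in privkey.pem fullchain.pem; do
        link="$lineage/$name"
        if [ ! -e "$link" ]; then
            echo "missing $link" >&2
            return 1
        fi
        # live/ holds symlinks into archive/; resolve them so the real file changes
        target=$(readlink -f "$link") || return 1
        chgrp "$group" "$target" || return 1
        if [ "$name" = privkey.pem ]; then
            chmod 0640 "$target" || return 1   # owner rw, group r, nothing for others
        else
            chmod 0644 "$target" || return 1   # the certificate chain is public data
        fi
    done
}

# Print the octal mode of the file a lineage entry points to (for checking).
lineage_mode() {
    stat -c '%a' "$(readlink -f "$1")"
}

# Only act when certbot invoked this script as a deploy hook.
if [ -n "${RENEWED_LINEAGE:-}" ]; then
    fix_lineage_perms "$RENEWED_LINEAGE" "$SERVICE_GROUP" &&
        systemctl restart genieacs-ui
fi
```

The 710 mode and genieacs group set on /etc/letsencrypt/live and /etc/letsencrypt/archive in the post are still needed so the service can traverse into those directories.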