*no need own /admin of domain , free service, renewal needed, must be root access on host live server*
sudo add-apt-repository ppa:certbot/certbot
sudo apt-get install certbot
(stop any service haprox or nginx running at port 80 temporarily)
sudo certbot certonly --standalone --preferred-challenges http --http-01-port 80 -d example.com -d www.example.com
asked to interactively answer below thats it - cert will be arrive
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/nostrweb.nostr.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/nostrweb.nostr.com/privkey.pem
This certificate expires on 2025-01-04.
These files will be updated when the certificate renews.
Certbot has set up a scheduled task to automatically renew this certificate in the background.
for using with haproxy below steps
DOMAIN='example.com' sudo -E bash -c 'cat /etc/letsencrypt/live/$DOMAIN/fullchain.pem /etc/letsencrypt/live/$DOMAIN/privkey.pem > /etc/haproxy/certs/$DOMAIN.pem'
nano sudo nano /etc/haproxy/haproxy.cfg
bind *:443 ssl crt /etc/haproxy/nostrweb.nostr.com
...
also note
sudo certbot renew --dry-run
sudo systemctl status certbot.timer
sudo chmod -R go-rwx /etc/haproxy/certs
