Wrapper that facilitate manual renewal/issue of letsencrypt certificate using the certbot client
Olivier Mauras 762fd2ef6d Create BASEDIR if missing 3 years ago
etc/certbot First commit 3 years ago
README.md First commit 3 years ago
certbot_manual Create BASEDIR if missing 3 years ago
install.sh Keep a copy of config if it exists 3 years ago



This is a very simple wrapper that lets you automate certbot manual renewal of certificates as a non privileged user.


  • Automate certbot certificate renewal in manual mode
  • Allows non privileged user
  • Supports private key + full chain certificate concatenation
  • Supports service restart in FreeBSD jail


git clone https://git.mauras.ch/Various/certbot_manual.git
cd certbot_manual
sudo ./install.sh

sudo cat << EOF > {/usr/local}/etc/sudoers.d/certbot
certbot ALL=(ALL) NOPASSWD:/usr/bin/tee <full_path_of_destination_certificate>.pem
# If you use your certificate in a jail
certbot ALL=(ALL) NOPASSWD:/usr/sbin/jexec * service <service_name> restart

Configure /etc/certbot/config then run certbot_manual from your configured user.


sudo rm -rf /etc/certbot {/usr/local}/etc/sudoers.d/certbot /usr/bin/certbot_manual