Let's Encrypt and Google offer free HTTPS certificates with auto renewal. Industry-wide all certificate validity periods will decrease to 47 days by 2029 (digicert). Below are some example scripts, the last of which should be called from cron. Noodle now has a built in setting to automatically setup certbot.
Settings
DOMAIN=noodle.example.com
EMAIL=me@example.com
PASS=example
DIR=/opt/Noodle/ACMEInitialize
. /opt/Noodle/settings.sh
apt install -y certbot
systemctl disable certbot
mkdir $DIR
certbot register --agree-tos --no-eff-email -m "$EMAIL"
certbot certonly --webroot \
--webroot-path $DIR \
--cert-name "$DOMAIN" \
-d "$DOMAIN"
/opt/Noodle/deploy.shDeploy
systemctl restart noodle.serviceRenew
. /opt/Noodle/settings.sh
certbot renew --webroot \
--webroot-path $DIR \
--cert-name "$DOMAIN" \
--deploy-hook /opt/Noodle/deploy.shCurrently Noodle must be restarted to reload the keystore.