LetsEncrypt

letsencrypt offers free HTTPS certificates with the limitation that you need to set them up to auto renew every ~3 months. Below are some example scripts that last of which should be called from cron.

Settings

DOMAIN=noodle.example.com
EMAIL=me@example.com
PASS=example
DIR=/opt/Noodle/ACME

Initialize

. /opt/Noodle/settings.sh
apt install -y certbot
systemctl disable certbot
mkdir $DIR
certbot register --agree-tos --no-eff-email -m "$EMAIL"
certbot certonly --webroot \
	--webroot-path $DIR \
	--cert-name "$DOMAIN" \
	-d "$DOMAIN"
/opt/Noodle/deploy.sh

Deploy

systemctl restart noodle.service

Renew

. /opt/Noodle/settings.sh
certbot renew --webroot \
	--webroot-path $DIR \
	--cert-name "$DOMAIN" \
	--deploy-hook /opt/Noodle/deploy.sh

Currently Noodle must be restarted to reload the keystore.