Let's Encrypt

Cerbot

apachectl stop

bash-5.0# certbot certonly --standalone
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator standalone, Installer None
Enter email address (used for urgent renewal and security notices) (Enter 'c' to
cancel): nuxbsd@gmail.com
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Please read the Terms of Service at
https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf. You must
agree in order to register with the ACME server at
https://acme-v02.api.letsencrypt.org/directory
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(A)gree/(C)ancel: A
 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Would you be willing to share your email address with the Electronic Frontier
Foundation, a founding partner of the Let's Encrypt project and the non-profit
organization that develops Certbot? We'd like to send you email about our work
encrypting the web, EFF news, campaigns, and ways to support digital freedom.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(Y)es/(N)o: Y
Please enter in your domain name(s) (comma and/or space separated)  (Enter 'c'
to cancel): nuxbsd.duckdns.org
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for nuxbsd.duckdns.org
Waiting for verification...
Cleaning up challenges
 
IMPORTANT NOTES:
 - Congratulations! Your certificate and chain have been saved at:
   /etc/letsencrypt/live/nuxbsd.duckdns.org/fullchain.pem
   Your key file has been saved at:
   /etc/letsencrypt/live/nuxbsd.duckdns.org/privkey.pem
   Your cert will expire on 2020-09-05. To obtain a new or tweaked
   version of this certificate in the future, simply run certbot
   again. To non-interactively renew *all* of your certificates, run
   "certbot renew"
 - Your account credentials have been saved in your Certbot
   configuration directory at /etc/letsencrypt. You should make a
   secure backup of this folder now. This configuration directory will
   also contain certificates and private keys obtained by Certbot so
   making regular backups of this folder is ideal.
 - If you like Certbot, please consider supporting our work by:
 
   Donating to ISRG / Let's Encrypt:   https://letsencrypt.org/donate
   Donating to EFF:                    https://eff.org/donate-le
 
 - We were unable to subscribe you the EFF mailing list because your
   e-mail address appears to be invalid. You can try again later by
   visiting https://act.eff.org.

quirks-3.325 signed on 2020-05-09T19:52:28Z
Ambiguous: choose package for sudo
a	0: <None>
	1: sudo-1.8.31
	2: sudo-1.8.31-gettext
	3: sudo-1.8.31-gettext-ldap
Your choice: 1
sudo-1.8.31: ok
--- +sudo-1.8.31 -------------------
Please see the /usr/local/share/doc/sudo/UPGRADE file for important
information about upgrading from a previous version of sudo.
 
Important user-visible changes compared to the version of sudo that
used to be in OpenBSD base (1.7.2p8) include:
 
 o The tty_tickets sudoers option is now enabled by default.
   To restore the old behavior (single time stamp per user),
   add a line like:
	Defaults !tty_tickets
   to sudoers.
 
 o  The HOME and MAIL environment variables are now reset based on the
    target user's password database entry when the env_reset sudoers option
    is enabled (which is the case in the default configuration).  Users
    wishing to preserve the original values should use a sudoers line like:
	Defaults env_keep += HOME
    to preserve the old value of HOME and
	Defaults env_keep += MAIL
    to preserve the old value of MAIL.

nano /etc/sudoers
 
# User privilege specification
root	ALL=(ALL) SETENV: ALL
aiko 	ALL=(ALL) ALL

Let's Encrypt