LetsEncrypt & CertBot


./certbot-auto certonly --webroot -w /var/www/sites/bacononbree -d bacononbree.com -d  mail.bacononbree.com -d www.bacononbree.com \
 -w /var/www/exim4u -d mail.honeybadger.net -d mymail.honeybadger.net -d webmail.honeybadger.net -d pop.honeybadger.net -d imap.honeybadger.net

The trouble is that this certificate is used by dovecot and needs to cover bacononbree as well as honeybadger.net for incoming email.  If either domain fails to authenticate (for e.g. the web server is unable to write to the letsencrypt validation directory because it has been locked down to stop Wordpress vulnerabilities), the certificate does not renew and nobody can receive secure email.

Adding SSL to an Apache Site

Just run "sudo ~/bin/certbot-auto" and follow the prompts.