PLUGIN SUPPORT letsencrypt support five plugins to obtain/install certificates and many more to come in the future. However, we will only cover standalone plugin because apache plugin only works on Debian-based OS for now and nginx is still considered very experimental. OBTAINING CERTIFICATE USING STANDALONE PLUGIN Since Slackware is not yet supported, instead of running "letsencrypt-auto certonly" as instructed, you can run "letsencrypt certonly" to install certificates manually using standalone plugin. Here's what i use to create a certificate using port 443 for domain validation certbot certonly --webroot-path= --standalone-supported-challenges tls-sni-01 -d \ --email --renew-by-default --agree-tos --text --standalone If you want to use port 80 for domain validation, replace --standalone-supported-challenges tls-sni-01 with --standalone-supported-challenges http-01 NOTE: You need to make sure that the port (80 or 443) is NOT USED before running above command (ie. you may need to temporarily stop your exising webserver) All domain-spesific configuration files are stored in /etc/letsencrypt/live/ Once certificate is created, you need to enable and configure httpd-ssl.conf RENEWAL PROCESS Best way is to use a simple bash script that perform following actions: - turn off httpd service - give some delay (2s is enough) - run the above command to renew automatically - start httpd service RATE LIMIT Rate limit on registrations per IP is now 500 per 3 hours. Rate limit on certificates per Domain is now 20 per 7 days. CONFIGURATION FILES It is possible to specify configuration file with letsencrypt --config cli.ini (or shorter -c cli.ini). An example configuration file is shown below: # This is an example of the kind of things you can do in a configuration file. # All flags used by the client can be configured here. Run Let's Encrypt with # "--help" to learn more about the available options. # Use a 4096 bit RSA key instead of 2048 rsa-key-size = 4096 # Uncomment and update to register with the specified e-mail address # email = foo@example.com # Uncomment and update to generate certificates for the specified # domains. # domains = example.com, www.example.com # Uncomment to use a text interface instead of ncurses # text = True # Uncomment to use the standalone authenticator on port 443 # authenticator = standalone # standalone-supported-challenges = tls-sni-01 # Uncomment to use the webroot authenticator. Replace webroot-path with the # path to the public_html / webroot folder being served by your web server. # authenticator = webroot # webroot-path = /usr/share/nginx/html By default, the following locations are searched: /etc/letsencrypt/cli.ini $XDG_CONFIG_HOME/letsencrypt/cli.ini (or ~/.config/letsencrypt/cli.ini if $XDG_CONFIG_HOME is not set).