# put in nginx server block, The Webroot plugin works by placing a special file
# in the /.well-known directory within your document root, which can be opened
# (through your web server)
location ~ /.well-known {
allow all;
}
# generating new cert with webroot
sudo letsencrypt certonly --webroot -w /srv/www/domain -d domain.com -d www.domain.com
# cert.pem: Your domain's certificate
# chain.pem: The Let's Encrypt chain certificate
# fullchain.pem: cert.pem and chain.pem combined
# privkey.pem: Your certificate's private key
# letsencrypt in a root cron tab
# letsnecrypt renewal
0 0 * * * letsencrypt renew >> /home/alexander/le-renew.log && service nginx reload
# removing certs
sudo letsencrypt revoke -d domain.com -d www.domain.com --cert-path /etc/letsencrypt/live/domain.com/cert.pem
# then remove actual files
sudo rm -rf /etc/letsencrypt/live/${DOMAIN}
sudo rm /etc/letsencrypt/renewal/${DOMAIN}.conf