urn:org:netkernel:fulcrum:frontendis a good choice
letsencrypt.xmlfile in the install/etc/ directory of your NetKernel installation with the form described below.
deploybutton on control panel
Extras > Let's Encrypt.
If you change the domains field to support more, or less, or different domains then it is best to delete the
[ install ]/letsencrypt/ directory and start fresh - otherwise LetsEncrypt gets confused about the conflict
This module creates a space that makes your web server host a directory containing secrets files that Let's Encrypt creates. Let's Encrypt's server look for these files on port 80 of your hosted domain and uses them to verify that you actually own and control the contents on it's server.
Once Let's Encrypt trusts your server to be who you say it is, it will generate an X509 certificate for you. This tool uses openssl to convert that certificate into a java keystore with a random password. The keystore is then registered in the fulcrums HTTPServerConfig.xml. After updating the configuration the HTTP server is restarted to pick up the new certificate.
Because Let's Encrypt certificates only last for 90 days they must be renewed frequently. This module provides a CRON job which runs every day to see if a new certificate needs generating. When it does it will be automatically deployed.
Certbot runs not as root; because of this it requires some filesystem directories as working space.
These are located inside the netkernel install directory
[ install ]/letsencrypt/. Deleting this
directory will reset Let's Encrypt back to factory state.