Citadel Let's Encrypt certificate authority setup

Signed TLS certificates are now available at no cost from the nonprofit Let’s Encrypt Certificate Authority. To use these on a Citadel system, you will need the Certbot utility installed.

export CIT_DOMAIN_NAME=mail.example.net

certbot certonly --agree-tos --non-interactive --text --rsa-key-size 4096 \
	--email admin@${CIT_DOMAIN_NAME} \
	--webroot --webroot-path /usr/local/webcit \
	--domains ${CIT_DOMAIN_NAME}
cp /etc/letsencrypt/live/${CIT_DOMAIN_NAME}/privkey.pem /usr/local/citadel/keys/citadel.key
cp /etc/letsencrypt/live/${CIT_DOMAIN_NAME}/fullchain.pem /usr/local/citadel/keys/citadel.cer

Now create these two files.

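# cat /etc/letsencrypt/renewal-hooks/pre/citadel.sh

#!/bin/sh
docker stop citadel

# cat /etc/letsencrypt/renewal-hooks/post/citadel.sh

#!/bin/sh
# The variable exported in the interactive shell above is not set when
# Certbot runs this hook during an unattended renewal, so define it here.
CIT_DOMAIN_NAME=mail.example.net
cp /etc/letsencrypt/live/${CIT_DOMAIN_NAME}/fullchain.pem /usr/local/citadel/keys/citadel.cer
cp /etc/letsencrypt/live/${CIT_DOMAIN_NAME}/privkey.pem /usr/local/citadel/keys/citadel.key
wait
docker start citadel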
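
A stricter form of the copy step in the post hook, given here as an added example that is not part of the original page or of Citadel's own scripts. It refuses to run with an empty domain, checks both source files before replacing either, and installs the private key with mode 600 through a rename. The function names install_pem and install_citadel_cert and the overridable LIVE_ROOT and KEY_DIR variables are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the Citadel documentation.
# LIVE_ROOT and KEY_DIR default to the page's paths; being able to override
# them, and both function names, are assumptions of this example.
LIVE_ROOT="${LIVE_ROOT:-/etc/letsencrypt/live}"
KEY_DIR="${KEY_DIR:-/usr/local/citadel/keys}"

# install_pem SRC DST MODE: replace DST with a copy of SRC in one rename.
install_pem() {
    src=$1; dst=$2; mode=$3
    [ -s "$src" ] || { echo "missing or empty: $src" >&2; return 1; }
    grep -q -e '-----BEGIN ' "$src" || { echo "not PEM: $src" >&2; return 1; }
    # mktemp creates the temporary file with mode 0600 before any key
    # material is written to it.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    if cat "$src" > "$tmp" && chmod "$mode" "$tmp" && mv -f "$tmp" "$dst"; then
        return 0
    fi
    rm -f "$tmp"
    return 1
}

# install_citadel_cert DOMAIN: install the key and chain for DOMAIN.
install_citadel_cert() {
    domain=$1
    # An unset variable must not collapse the path to $LIVE_ROOT//privkey.pem.
    [ -n "$domain" ] || { echo "domain not set" >&2; return 1; }
    live="$LIVE_ROOT/$domain"
    # Check that both sources exist and are non-empty before replacing either.
    if [ ! -s "$live/privkey.pem" ] || [ ! -s "$live/fullchain.pem" ]; then
        echo "incomplete lineage: $live" >&2
        return 1
    fi
    install_pem "$live/privkey.pem" "$KEY_DIR/citadel.key" 600 &&
        install_pem "$live/fullchain.pem" "$KEY_DIR/citadel.cer" 644
}

# Runs only when the hook defines the domain, as the post hook above does.
if [ -n "${CIT_DOMAIN_NAME:-}" ]; then
    install_citadel_cert "$CIT_DOMAIN_NAME" || exit 1
fi
```

In the post hook these functions would take the place of the two cp lines, between the domain assignment and docker start citadel.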