Copy the all the files belonging to this script to a suitable location, for
example /usr/local/letsencrypt. Create a directory .letsencrypt in your home
directory and copy /usr/local/letsencrypt/letsencrypt.conf to that directory.
Open letsencrypt.conf, change the account email address and key size according
to your needs. Add /usr/local/letsencrypt to your PATH environment variable.

Before you can request a certificate, you need to register an account at the
Let's Encrypt CA. You can do this via the command: letsencrypt register

When running the tool for the first time, it will create a Let's Encrypt
account key. Make sure you make a backup of this account.key file.

You can request a website certificate via: letsencrypt request <hostname>
A virtual host for <hostname> must be present in the webserver configuration
and you must have write access rights to its website root. The <hostname> must
be the first hostname for that virtual host. All other hostnames will be used
as alternative hostnames for the certificate. Wildcards are supported by Let's
Encrypt, but the can only be obtained via DNS challenges. Because that's not an
option for this script, they will not be used as an alternative name in the
certificate. Unless you specify a filename as the third parameter, the
requested certificate will be stored in the file <hostname>.pem. When
requesting a Let's Encrypt certificate, make sure your website is reachable via
HTTP (port 80). This is necessary because the Let's Encrypt CA will request a
file from it, which the script will create in the webroot in order to prove you
are the owner of that website.

After properly testing, open letsencrypt.conf, comment the testing CA hostname
(the LE_CA_HOSTNAME setting), uncomment the production CA hostname, register
your account key at the production server and request the final version of your
website certificate.

Certificates will be written to a file in the directory of this script. If you
run the script as user root, the certificate will be written to the directory
configured via the HIAWATHA_CERT_DIR setting.

To automatically renew certificates that are about to get expired, run the
letsencrypt tool with the parameter 'renew' as a cronjob of the user root. Add
the parameter 'restart' to automatically restart the webserver when one or more
certificates have been renewed. All certificates located in the
HIAWATHA_CERT_DIR directory and those referred to in the webserver
configuration will be renewed.

You can run a script when the certificate of a host is renewed. Create a script
in the RENEWAL_SCRIPT_DIR directory and give it the name of the hostname for
which it must be run. That script will be executed upon renewal of the matching
certificate.
