Oh, the webroot mode works well enough for me to use Let's Encrypt for Tilde Friends.

git-svn-id: https://www.unprompted.com/svn/projects/tildefriends/trunk@3384 ed5197a5-7fde-0310-b194-c3ffbd925b24

core/core.js

@@ -445,6 +445,15 @@ httpd.all("", function(request, response) {
 		return terminal.handler(request, response, match[1], match[2], match[3]);
 	} else if (request.uri == "/robots.txt") {
 		return terminal.handler(request, response, null, null, request.uri);
+	} else if ((match = /^\/.well-known\/(.*)/.exec(request.uri)) && request.uri.indexOf("..") == -1) {
+		var data = File.readFile("data/global/.well-known/" + match[1]);
+		if (data) {
+			response.writeHead(200, {"Content-Type": "text/plain", "Content-Length": data.length});
+			response.end(data);
+		} else {
+			response.writeHead(404, {"Content-Type": "text/plain", "Content-Length": "File not found".length});
+			response.end("File not found");
+		}
 	} else {
 		var data = "File not found.";
 		response.writeHead(404, {"Content-Type": "text/plain; charset=utf-8", "Content-Length": data.length.toString()});

tools/letsencrypt.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+# --config-dir, --logs-dir, and --work-dir
+
+
+#certbot certonly \
+#	--webroot \
+#	--webroot-path data/global/ \
+#	-d www.tildefriends.net \
+#	-d tildefriends.net \
+#	--config-dir data/global/letsencrypt/etc \
+#	--logs-dir data/global/letsencrypt/logs \
+#	--work-dir data/global/letsencrypt/work \
+#	--cert-path data/global/httpd/certificate.pem \
+#	--key-path data/global/httpd/privatekey.pem \
+
+certbot renew \
+	--webroot \
+	--webroot-path data/global/ \
+	--config-dir data/global/letsencrypt/etc \
+	--logs-dir data/global/letsencrypt/logs \
+	--work-dir data/global/letsencrypt/work \
+	--cert-path data/global/httpd/certificate.pem \
+	--key-path data/global/httpd/privatekey.pem \