Let’s Encrypt is a free, automated, and open certificate authority (CA), run for the public’s benefit. Let’s Encrypt is a service provided by the Internet Security Research Group (ISRG). Let's Encrypt 
ISRG
As we've called for widespread use of HTTPS, the cost and complexity of the certificate system has been an obstacle. See Can Security be Beautiful
# SSH to server
The first thing you need to do is ssh to the server. On my server I use ssh keys which I need to sepcify like this:
cd ~/.ssh/ ssh -i root root@rest.livecode.world
followed by my long and complicated password :)
Certbot is inside a tmp directory so:
cd tmp/
# Certbot commands
Here are some useful commands to find out what is going on with the certificates installed on the server.
./certbot-auto certificates
The above command lists any certificates already installed. The output looks something like this:
--------------------------------------------------- Found the following certs: Certificate Name: livecode.world Domains: livecode.world Expiry Date: 2017-09-03 08:49:00+00:00 (VALID: 74 days) Certificate Path: /etc/letsencrypt/live/livecode.world/fullchain.pem Private Key Path: /etc/letsencrypt/live/livecode.world/privkey.pem ---------------------------------------------------
# Installation
The instructions below are for Install Let's Encrypt on Apache. We need to make some minor changes to Install Let's Encrypt on Nginx.
I had an old certificate installed which i needed to manually remove from:
nano /etc/apache2/sites-enabled/000-default.conf
I then issued the commands found by following the instructions found certbot.eff.org
* Docs certbot.eff.org
https://certbot.eff.org/docs/using.html#apache
# Upgrading the certificate
To upgrade the certificate manually you need to ssh to the server and issue the following commands to the certbot-auto script:
root@LiveWorld:~# cd tmp/ root@LiveWorld:~/tmp# ./certbot-auto --apache Upgrading certbot-auto 0.12.0 to 0.14.2... Replacing certbot-auto... Creating virtual environment... Installing Python packages... Installation succeeded. Saving debug log to /var/log/letsencrypt/letsencrypt.log Which names would you like to activate HTTPS for? ------------------------------------------------------------------------------- 1: livecode.world
and follow the instructions.
# Adding a subdomain
You can use __certonly__ or __run__ subcommands to request the creation of a single new certificate even if you already have an existing certificate with some of the same domain names.
If a certificate is requested with run or certonly specifying a certificate name that already exists, Certbot updates the existing certificate. Otherwise a new certificate is created and assigned the specified name.
__--expand__ tells Certbot to update an existing certificate with a new certificate that contains all of the old domains and one or more additional new domains.
cd tmp ./certbot-auto certonly --apache --expand -d livecode.world,www.livecode.world,rest.livecode.world
From the documentation: --expand "If an existing cert covers some subset of the requested names, always expand and replace it with the additional names."
Don't forget to restart the server to load the new certificates if you are running nginx.
# See also - Let's Encrypt Livecode - Caddy