=================================================================
  NOTES ABOUT LETSENCRYPT CERTIFICATES AND CERTBOT-AUTO SCRIPT
=================================================================

if you see this file, one or more certificates are produced
by letsencrypt (www.letsencrypt.org)

the official 'certbot-auto' is installed and updated, and to
simplify its use we provide the 'certbot-new' script, which uses
kusa db definition to run (see certbot-new.cfg file)

a montly cron is also installed, to automatically renew the
certs, running certbot-new (yes, may be used to obtain both new
and updated certs)

on changes the updated certs are installed using the "jtinstall"
util and the definitions contained in "install-certs" file (see
/etc/cron.montly/certbot-renew for details)


notes on changing domains list (aliases)
---------------------------------------0
if the domains list changes, certbot-auto will generate a new
settings set, starting numbering like domain-0001, -0002, etc;
those settings are stored in some subdirs of /etc/letsencrypt

usually the scripts will correctly manage version, but sometimes
they goes crazy, ie on renewal the certbot-auto script insist
to use the old settings, failing to check/renew the actual certs

on domain list changes is better to clean up all old settings,
and request a new cert (remember to backup /etc/letsencrypt dir,
before):

  # cd /etc/letsencrypt
  # rm -rf archive/* live/*
  # rm -rf csr/* keys/*

  # cd /etc/ssl
  # kusa-reconf -f srv-ssl-certbot
  # ./certbot-new

=================================================================
