Finally took the time to use certificates for codeminded.be and pvanhoof.be. Also the SMTP at mail.codeminded.be should now have a somewhat good TLS situation, too. But of course, whoever needed tell me something very secret … just met with me face to face. Duh.
Congratulations to the Let’s encrypt initiative for making it really, really easy.
That certbot couldn’t parse my default-ssl in available-sites. No idea why. But it wasn’t in enabled-sites. After removing that original debian-package file, it all worked fine.
They probably also want to post a checksum of that “wget https://dl.eff.org/certbot-auto” thing there. When downloading and executing things on my server I usually do want to quickly and easily check and double-check it all.
The tool is also not super easy to use for anything that isn’t HTTPS. Especially SMTPS comes to mind.