https://certbot.eff.org/docs/using.html
# certbot certonly --webroot -w /var/www/rewita/webroot -d tmp.rewita.pl -d crm.rewita.pl
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for tmp.rewita.pl
http-01 challenge for crm.rewita.pl
Using the webroot path /var/www/rewita/webroot for all unmatched domains.
Waiting for verification…
Cleaning up challenges
Generating key (2048 bits): /etc/letsencrypt/keys/0006_key-certbot.pem
Creating CSR: /etc/letsencrypt/csr/0006_csr-certbot.pem
IMPORTANT NOTES:
– Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/tmp.rewita.pl/fullchain.pem. Your cert will
expire on 2018-12-20. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again. To
non-interactively renew *all* of your certificates, run „certbot renew”