certbot: manual renew certificate

certbot.conf

server {
    include /etc/nginx/vhost.conf.d/*.conf;

    server_name zital.freemyip.com zital-pi.no-ip.org pi4 amule.zital.freemyip.com bermiotarra.zital.freemyip.com blog.zital.freemyip.com clock-canvas-js.zital.freemyip.com downloads.zital.freemyip.com itzultzaile-neuronala.zital.freemyip.com matematika-js.zital.freemyip.com sotapatroi.zital.freemyip.com transmission.zital.freemyip.com vpn.zital.freemyip.com mc.zital.freemyip.com

    root /var/www/html;
    location / {
        allow all;
    }
}

ssl.sh

#!/bin/bash

# disable ssl redirect
mv /etc/nginx/vhost.conf.d/ssl_redirect.conf  /etc/nginx/vhost.conf.d/ssl_redirect.conf.bak

# disable sites
rm -rf /etc/nginx/sites-enabled/*.conf

# enable certbot
ln -s /etc/nginx/sites-available/certbot.conf /etc/nginx/sites-enabled/certbot.conf

# restart nginx
/etc/init.d/nginx restart

# renew certified
HOST=zital.freemyip.com

certbot certonly --webroot -w /var/www/html/ \
-d $HOST \
-d amule.$HOST \
-d bermiotarra.$HOST \
-d blog.$HOST \
-d clock-canvas-js.$HOST \
-d downloads.$HOST \
-d girosur.$HOST \
-d itzultzaile-neuronala.$HOST \
-d matematika-js.$HOST \
-d sotapatroi.$HOST \
-d transmission.$HOST \
-d vpn.$HOST \
-d mc.$HOST

# enable sites
available="/etc/nginx/sites-available"
enabled="/etc/nginx/sites-enabled"

for file in $available/*
do
        basename=$(basename "$file")
        ln -sf ${available}/${basename} ${enabled}/${basename}
done

# disable certbot
rm -rf /etc/nginx/sites-enabled/certbot.conf

# recover redirect
mv /etc/nginx/vhost.conf.d/ssl_redirect.conf.bak  /etc/nginx/vhost.conf.d/ssl_redirect.conf

# restart nginx
/etc/init.d/nginx restart

ssl_redirect.conf

if ($server_port = 80) {
       return 302 https://$server_name$request_uri;
}