From 2632726680f692f1a33919012252deb579c7e950 Mon Sep 17 00:00:00 2001 From: brokebit <81174279+brokebit@users.noreply.github.com> Date: Sun, 3 Jul 2022 23:38:47 -0500 Subject: [PATCH] Update letsencrypt.md (#768) Added AWS Route53-specific instructions for enabling automatic certificate renewal. --- docs/letsencrypt.md | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/docs/letsencrypt.md b/docs/letsencrypt.md index c4a288a..44152d4 100644 --- a/docs/letsencrypt.md +++ b/docs/letsencrypt.md @@ -152,8 +152,8 @@ This example shows that PiKVM may not be accessible from the internet, but you c 4. Obtain the certificate: ``` - # export AWS_SHARED_CREDENTIALS_FILE="/var/lib/kvmd/pst/data/certbot/runroot/.route53.auth" - # kvmd-certbot certonly \ + export AWS_SHARED_CREDENTIALS_FILE="/var/lib/kvmd/pst/data/certbot/runroot/.route53.auth" + kvmd-certbot certonly \ --dns-route53 \ --agree-tos \ -n \ @@ -161,4 +161,14 @@ This example shows that PiKVM may not be accessible from the internet, but you c -d pikvm.example.com ``` -4. Next follow the basic guide. +4. Enable automatic certificate renewal: + + Create the file: */etc/conf.d/kvmd-certbot* with the following contents so the renewall service can find the authentication file containing the AWS credentials: + ``` + AWS_SHARED_CREDENTIALS_FILE="/var/lib/kvmd/pst/data/certbot/runroot/.route53.auth" + ``` + + Now enable the renewal service: + ``` + systemctl enable --now kvmd-certbot.timer + ```
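Review bot: In the first hunk (@@ -152,8 +152,8 @@), the `# ` prefix is dropped from the `export AWS_SHARED_CREDENTIALS_FILE=...` and `kvmd-certbot certonly \` lines, but the commit message only mentions adding renewal instructions. Either mention the prompt removal in the commit message or split it out, and check that the result matches the prompt convention used by the other code blocks in docs/letsencrypt.md. The `# ` also signalled that the commands run as root; if it goes, say so in the step text.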
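Review bot: In the second hunk (@@ -161,4 +161,14 @@), the new step is numbered "4." directly after the existing "4. Obtain the certificate:", so the list has two step 4s; number it 5. "renewall" in the same paragraph should be "renewal". The removed line "Next follow the basic guide." was the only pointer back to the remaining setup, so consider keeping it as a final step after the timer is enabled. The paragraph ending "containing the AWS credentials:" runs straight into the opening code fence with no blank line, unlike the "Now enable the renewal service:" block's surrounding spacing; add a blank line so the fence renders inside the list item. Since /etc/conf.d/kvmd-certbot now points the renewal service at a file holding AWS credentials, a sentence on who should be able to read that file would be worth adding here.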