This month has been hell for me, trying to cancel the old server, get a refund, and learn how to use Let's Encrypt certbot since our SSL certs were nearing expiry and the website I had been using to issue them discontinued that particular service. I came up with my own method, and will share it for anyone facing a similar situation!
How to use certbot to get SSL certs for a server you can ssh into, but not run certbot on.
And run certbot as a non-privileged user without sudo.
# STEP 1 - Set up dirs for certbot and sshfs
mkdir -p /home/rei/SSL/config
mkdir -p /home/rei/SSL/work
mkdir -p /home/rei/SSL/logs
mkdir -p /home/rei/SSL/webroot/.well-known/acme-challenge
# STEP 2 - Use sshfs to make the local challenge files magically appear on your remote server
sshfs rei:/home/www/htdocs/.well-known/acme-challenge /home/rei/SSL/webroot/.well-known/acme-challenge
# STEP 3 - Run certbot with all the domains
certbot certonly --webroot --webroot-path /home/rei/SSL/webroot --config-dir /home/rei/SSL/config --work-dir /home/rei/SSL/work --logs-dir /home/rei/SSL/logs -d animecharactersdatabase.com -d www.animecharactersdatabase.com -d 18.animecharactersdatabase.com -d rei.animecharactersdatabase.com -d ami.animecharactersdatabase.com
# STEP 4 - Confirm certbot's output reports a successful run
IMPORTANT NOTES:
- Congratulations! Your certificate and chain have been saved at:
/home/rei/SSL/config/live/animecharactersdatabase.com/fullchain.pem
Your key file has been saved at:
/home/rei/SSL/config/live/animecharactersdatabase.com/privkey.pem
Your cert will expire on 2020-08-04. To obtain a new or tweaked
version of this certificate in the future, simply run certbot
again. To non-interactively renew *all* of your certificates, run
"certbot renew"
# STEP 5 - Upload your fullchain.pem and privkey.pem and updated nginx.conf
scp /home/rei/SSL/config/live/animecharactersdatabase.com/fullchain.pem root@rei:/home/www/etc
scp /home/rei/SSL/config/live/animecharactersdatabase.com/privkey.pem root@rei:/home/www/etc
scp nginx.conf root@rei:/home/www/etc
# STEP 6 - Unmount sshfs
fusermount3 -u /home/rei/SSL/webroot/.well-known/acme-challenge
# STEP 7 - Restart nginx
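
Added example, not part of the original post: a check worth running on the files from STEP 3 before STEP 5 uploads them. It confirms that fullchain.pem and privkey.pem belong together, that the certificate is not close to expiry, and that every name given with -d is covered. The function name check_cert_pair and the MIN_DAYS threshold are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original post): sanity-check the files certbot
# wrote in STEP 3 before STEP 5 copies them to the server.
# Usage: sh check_cert.sh FULLCHAIN PRIVKEY DOMAIN [DOMAIN...]

check_cert_pair() {
    chain=$1; key=$2; shift 2
    # Assumed threshold: complain if fewer than MIN_DAYS days of validity remain.
    min_days=${MIN_DAYS:-20}
    rc=0

    # 1. The leaf certificate (first PEM block in fullchain.pem) must carry the
    #    public half of privkey.pem; nginx refuses to start on a mismatch.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $chain" >&2; return 2; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot read private key: $key" >&2; return 2; }
    if [ "$cert_pub" != "$key_pub" ]; then
        echo "certificate and private key do not match" >&2
        rc=1
    fi

    # 2. Catch a stale file being uploaded by mistake.
    if ! openssl x509 -in "$chain" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "certificate expires within $min_days days" >&2
        rc=1
    fi

    # 3. Every name passed with -d in STEP 3 must be covered by the certificate.
    for name in "$@"; do
        if ! openssl x509 -in "$chain" -noout -checkhost "$name" |
                grep -q 'does match certificate'; then
            echo "certificate does not cover $name" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run the check only when invoked with arguments, so the file can also be sourced.
if [ "$#" -ge 3 ]; then
    check_cert_pair "$@"
fi
```

A non-zero exit status means the files should not be uploaded; the reason is printed on stderr.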