remove webroot, standalone works better

+ improve security

lets-encrypt/activate-ssl.sh

@@ -198,17 +198,9 @@ then
 fi
 
 # Methods
-default_le="--rsa-key-size 4096 --renew-by-default --agree-tos -d $domain"
+# https://certbot.eff.org/docs/using.html#certbot-command-line-options
+default_le="--rsa-key-size 4096 --renew-by-default --no-eff-email --agree-tos --uir --hsts --server https://acme-v02.api.letsencrypt.org/directory -d $domain"
 
-webroot() {
-# Generate certs
-if eval "certbot certonly --webroot -w $NCPATH $default_le"
-then
-    echo "success" > /tmp/le_test
-else
-    echo "fail" > /tmp/le_test
-fi
-}
 standalone() {
 # Generate certs
 if eval "certbot certonly --standalone --pre-hook 'service apache2 stop' --post-hook 'service apache2 start' $default_le"
@@ -227,7 +219,7 @@ else
 fi
 }
 dns() {
-if eval "certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns --server https://acme-v02.api.letsencrypt.org/directory  $default_le"
+if eval "certbot certonly --manual --manual-public-ip-logging-ok --preferred-challenges dns $default_le"
 then
     echo "success" > /tmp/le_test
 else
@@ -235,7 +227,7 @@ else
 fi
 }
 
-methods=(webroot standalone dns)
+methods=(standalone dns)
 
 create_config() {
 # $1 = method
@@ -256,11 +248,7 @@ fi
 
 attempts_left() {
 local method="$1"
-if [ "$method" == "webroot" ]
-then
-    printf "%b" "${ICyan}It seems like no certs were generated, we will do 2 more tries.\n${Color_Off}"
-    any_key "Press any key to continue..."
-elif [ "$method" == "standalone" ]
+if [ "$method" == "standalone" ]
 then
     printf "%b" "${ICyan}It seems like no certs were generated, we will do 1 more try.\n${Color_Off}"
     any_key "Press any key to continue..."