acme.sh

// To install
export HOME=/root
wget https://raw.githubusercontent.com/acmesh-official/acme.sh/refs/heads/master/acme.sh
mkdir /etc/letsencrypt
bash acme.sh --install --cert-home /etc/letsencrypt/live
ln -fs /root/.acme.sh /home/acme

# Now reopen your terminal...

## Shut down your webserver
systemctl stop apache2
systemctl stop nginx
systemctl stop caddy
# or
caddy stop

domain=MY_DOMAIN

# Getting certs
## Standalone (Syntax: domain.tld) (Includes only the main domain, no subdomains) (No domain authendification required)
acme.sh --server letsencrypt --issue --domain $domain --standalone \
    --cert-file /etc/letsencrypt/live/${domain}_ecc/cert.pem \
    --key-file /etc/letsencrypt/live/${domain}_ecc/privkey.pem \
    --fullchain-file /etc/letsencrypt/live/${domain}_ecc/fullchain.pem
## Wildcard (Syntax: *.domain.tld) (Includes only subdomains, not the main domain) (Domain authendification required)
acme.sh --server letsencrypt --issue --domain *.$domain --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please \
    --cert-file /etc/letsencrypt/live/${domain}_ecc/cert.pem \
    --key-file /etc/letsencrypt/live/${domain}_ecc/privkey.pem \
    --fullchain-file /etc/letsencrypt/live/${domain}_ecc/fullchain.pem

# Renew certs
## Wildcard
acme.sh --server letsencrypt --renew --domain *.$domain --dns --yes-I-know-dns-manual-mode-enough-go-ahead-please

## For renewing domains after requesting for wildcards
mv /etc/letsencrypt/live/${domain}_ecc/$domain.cer /etc/letsencrypt/live/$domain/cert.pem
mv /etc/letsencrypt/live/${domain}_ecc/$domain.key /etc/letsencrypt/live/$domain/privkey.pem
mv /etc/letsencrypt/live/${domain}_ecc/fullchain.cer /etc/letsencrypt/live/$domain/fullchain.pem

## Now that the certificate(s) have been requested, restart your webserver:
systemctl start apache2
systemctl start nginx
systemctl start caddy
# or
caddy start

// To uninstall
rm -r /home/acme.sh /root/.acme.sh /usr/local/bin/acme.sh