[crumbshot]

I second your recommendation. After installing it on some of my now long-running servers back in 2016, I've only touched it a couple of times since. It's been working seamlessly since then.

Configuration was easy, I just ended up writing a simple shell script for the deploy challenge hook, to copy the certificates and reload configurations on nginx etc.

The two times I chose to intervene were straightforward too. The first was because of the ACME protocol upgrade, for which I just needed to drop in a newer copy of dehydrated, and rename references to its old name. The second was because I needed to configure the ACME DNS challenge to get a wildcard domain, and that just involved modifying the deploy challenge hook to temporarily run a custom DNS server that responded to the challenge.

I did take a look at certbot, or whatever it was called back then, and decided against it quite quickly due to the perceived complexity. Also I seem to recall it didn't support nginx properly.

After reading this user review, I'm quite glad I did that. Though I do wonder why the author persisted in using that client despite all the problems they were having with it, given the choices available in the wider Let's Encrypt ecosystem.