brushbox

Another thing that might be useful to mention is that since letsencrypt certs are only valid for 90 days we will want to auto renew. I played around with certbot-auto renew and it suggested I use certonly instead.

So I added the following to root's crontab:
* 3 15 * * /usr/local/bin/certbot-auto certonly -n --debug --pre-hook="service nginx stop" --post-hook="service nginx start" --standalone -d my.domain.example.com

• --debug was a requirement for using this on Amazon linux (so certbot-auto told me).
• -n runs it non-interactively
• the entry runs once a month, at 3AM on the 15th of each month. If I was concerned that there might be some outage and the jobs get missed (and I end up with an expired cert) then I could up the frequency. certbot won't do anything until the cert is due for renewal (after 60 days).
• I'm running nginx as a reverse proxy/SSL termination. It was easiest to bounce it so that certbot could authenticate in standalone mode (hence the --pre-hook and --post-hook).

@pstaight I just had the problem you mention when following the above. I didn't have virtualenv on my system...but I did have virtualenv-2.7 one quick ln -s /usr/bin/virtualenv-2.7 /usr/bin/virtualenv later and everything else worked beautifully.