+<http://subgeniuskitty.com> and <http://logicavalanche.com>:
+
+ certbot certonly --agree-tos --email webmaster@subgeniuskitty.com --webroot -w /srv/apache_vhosts/subgeniuskitty.com/site/data/ -d subgeniuskitty.com -d www.subgeniuskitty.com
+
+<http://archive.subgeniuskitty.com> and <http://git.subgeniuskitty.com>:
+
+ certbot certonly --agree-tos --email webmaster@subgeniuskitty.com --webroot -w /srv/apache_vhosts/archive.subgeniuskitty.com/ -d archive.subgeniuskitty.com
+
+Edit `/etc/apache2/sites-available/subgeniuskitty.com`, adding the following
+`VirtualHost` definition that mostly copies the non-SSL entry.
+
+ <VirtualHost *:443>
+ SSLEngine on
+ SSLCertificateFile /etc/letsencrypt/live/subgeniuskitty.com/fullchain.pem
+ SSLCertificateKeyFile /etc/letsencrypt/live/subgeniuskitty.com/privkey.pem
+
+ ...copy of vhost definition for host *:80...
+ </VirtualHost>
+
+Edit `/etc/cron.d/certbot` and append `--renew-hook "systemctl reload apache2"`
+to the certbot invokation.
+
+Test with `certbot renew --dry-run`.
+
+Repeat the process for any other sites hosted on this server.
+
+Backup the `/etc/letsencrypt` folder off-server periodically.