diff --git a/certbot.cf b/certbot.cf
new file mode 100644
index 0000000..c811c1e
--- /dev/null
+++ b/certbot.cf
@@ -0,0 +1,94 @@
+#
+# Create SSL certificates using Letsencrypt
+#
+
+bundle agent certbot
+{
+vars:
+ "webroot" string => "$(wr)";
+ "renew" string => "$(rn)";
+
+ freebsd::
+ "certbot_dir" string => "/usr/local/etc/letsencrypt";
+ "exe" string => "/usr/local/bin/certbot";
+ "pkg" string => "py39-certbot";
+ debian::
+ "certbot_dir" string => "/etc/letsencrypt";
+ "exe" string => "/usr/bin/certbot";
+ "pkg" string => "certbot";
+
+defaults:
+ "wr" string => "standalone";
+ "rn" string => "";
+
+reports:
+
+}
+
+bundle agent install_certbot
+{
+
+packages:
+
+ freebsd::
+ "$(certbot.pkg)"
+ policy => "present",
+ package_module => pkg,
+ handle => "certbot_installed";
+ debian::
+ "$(certbot.pkg)"
+ policy => "present",
+ package_module => apt_get,
+ handle => "certbot_installed";
+}
+
+bundle agent certbot_cert(site,webroot,domain)
+{
+
+vars:
+ "site_json" string => storejson(@(site));
+ "args" string => string_mustache(
+ "-d {{domain}} {{#aliases}} -d {{.}} {{/aliases}}",
+ @(site)
+ );
+
+ "webroot_arg" string => ifelse( strcmp("$(webroot)","standalone"),
+ "--standalone",
+ "--webroot -w $(webroot)");
+
+files:
+ "$(sys.workdir)/data/certbot/$(site[domain])-cert-created"
+ create => "true",
+ content => "$(args)",
+ classes => if_repaired(certbot_repaired);
+
+classes:
+ "no_cert_file"
+ comment => "run certbot because no cert dir exists",
+ not => fileexists("$(certbot.certbot_dir)/live/$(site[domain])");
+
+ "run_certbot"
+ or => {no_cert_file, certbot_repaired};
+
+defaults:
+ "webroot" string => "standalone";
+
+methods:
+ "any" usebundle => install_certbot;
+
+commands:
+ run_certbot::
+ "$(certbot.exe)"
+ depends_on => {"certbot_installed"},
+ handle => "certbot_dry_run_ok",
+ args => "certonly --dry-run --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
+
+ run_certbot::
+ "$(certbot.exe)"
+ depends_on => {"certbot_installed","certbot_dry_run_ok"},
+ args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
+
+reports:
+}
+
+
diff --git a/lib.cf b/lib.cf
new file mode 100644
index 0000000..dd8e18f
--- /dev/null
+++ b/lib.cf
@@ -0,0 +1,14 @@
+#
+#
+#
+
+body perms uperm(user,group,mode)
+{
+ mode => "$(mode)";
+ rxdirs => "false";
+ groups => { "$(group)" };
+ owners => { "$(user)" };
+}
+
+
+
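Review bot: The `-cert-created` marker in `files:` is written with the current `$(args)` before the `commands:` promises run, and `run_certbot` is derived from that write (`certbot_repaired`) or from the missing live directory, so when the dry run or the real `certonly` fails after a cert already exists (for example a newly added alias that does not validate), the marker is already in sync and the expansion is never retried on later runs. I would derive the re-run condition from a comparison of the marker's content with `$(args)` and write the marker only after the real run is kept, via `classes => if_ok("certbot_ok")` on the command and `if => "certbot_ok"` on the file promise (a later evaluation pass picks the file promise up); check that `content` and `readfile` agree on a trailing newline before relying on the `strcmp`. The `domain` parameter of `certbot_cert` is never used, every reference goes through `$(site[domain])`, so either drop it or use it consistently. `$(site[email])` and the mustache-expanded domains go into `args` unvalidated; with the default no-shell containment that is argument splitting rather than shell injection, but if the `site` container is loaded from data outside the policy, a guard such as `"site_ok" expression => regcmp("[-A-Za-z0-9.@_]+", "$(site[email])")` folded into `run_certbot` would keep a stray value from turning into extra certbot options.
```cfengine
files:
  "$(sys.workdir)/data/certbot/$(site[domain])-cert-created"
    if => "certbot_ok",
    create => "true",
    content => "$(args)";

classes:
# … unchanged: no_cert_file …

  "args_changed"
    comment => "marker missing or recorded args differ from the current ones",
    not => strcmp(readfile("$(sys.workdir)/data/certbot/$(site[domain])-cert-created", 4096), "$(args)");

  "run_certbot"
    or => {no_cert_file, args_changed};

# … unchanged: defaults, methods, dry-run command …

  run_certbot::
    "$(certbot.exe)"
      depends_on => {"certbot_installed","certbot_dry_run_ok"},
      classes => if_ok("certbot_ok"),
      args => "certonly --agree-tos -n $(webroot_arg) --expand --email $(site[email]) $(args)";
```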
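Review bot: The header of lib.cf is three empty `#` lines, so `uperm` has no documentation at all. A one-line description above the body would do, e.g. `# perms body: set owner, group and mode; rxdirs "false" keeps directories from gaining x along with r`, since disabling `rxdirs` is the non-default choice and the one a reader is most likely to question.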