Comment 17 for bug 1893274

Christian Ehrhardt (paelzer) wrote:

We need a Bionic and a Focal system for that reachable from the Internet
with a DNS name.

I have created those test systems temporarily on canonistack (an
internal openstack service).

These notes are mostly for myself to re-do it once things land in proposed,
but also illustrate for everyone how this can be done.
# get Focal
$ openstack server create --key-name paelzer_canonistack-bos01 --flavor cpu2-ram2-disk10 --image 3eee21dc-0862-4181-b2cc-7ece13651edf bos01-amd64-certbot-focal
$ openstack floating ip create net_external
$ openstack server add floating ip bos01-amd64-certbot-focal <IP>
# get Bionic
$ openstack server create --key-name paelzer_canonistack-bos01 --flavor cpu2-ram2-disk10 --image dffafdf1-8a98-4b7a-9809-6f9d406da38f bos01-amd64-certbot-bionic
$ openstack floating ip create net_external
$ openstack server add floating ip bos01-amd64-certbot-bionic <IP>
# open for 80/443
$ openstack security group rule create --dst-port 80 --protocol tcp default
$ openstack security group rule create --dst-port 443 --protocol tcp default

# I had no free DNS service at hand, but domains left
# So I created two DNS names for those two public IPs that I had
# Not sharing this here though to keep my api key safe :-)
# I ended up with cb-test-focal.dd-dns.de / cb-test-focal.dd-dns.de which I
# can re-use for this and then will drop.

# get certbot (I'll use apache for testing)
$ sudo apt install python3-certbot python3-certbot-apache

# Get an ACMEv2 cert (current default)
$ sudo certbot --apache
# go along the questions and use the DNS you have set up

# modify the server endpoint to v1 manually
# thanks Brad for the suggestion
$ sudo sed -i -e 's/acme-v02/acme-v01/g' /etc/letsencrypt/renewal/*

# renew Cert (will try to use the patched v1 server)
$ sudo certbot renew --force-renewal
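A small helper for the renewal-config step above, added here as an example and not part of the comment or of certbot itself: it reads the `server =` line of each renewal config under a directory, reports which ACME directory endpoint each one points at, counts the ones still on the ACMEv1 endpoint (which Let's Encrypt has since retired) and can rewrite them to v2 with a `.bak` copy, i.e. the reverse of the `sed` used for the test. The config file names and contents it builds under `mktemp -d` are constructed for the demo; point `acme_endpoints` at `/etc/letsencrypt/renewal` on a real host.

```shell
#!/bin/sh
# Added example (not from the bug report): inspect certbot renewal configs,
# report the ACME endpoint each one uses and optionally move v1 -> v2.
# Everything under make_sample is constructed test data.

# Print "<file> <endpoint>" for every renewal config in DIR.
acme_endpoints() {
    dir="$1"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        # the renewal config stores the directory URL as "server = https://..."
        server=$(sed -n 's/^[[:space:]]*server[[:space:]]*=[[:space:]]*//p' "$f" | head -n 1)
        printf '%s %s\n' "$f" "${server:-<none>}"
    done
}

# Number of configs still pointing at the retired ACMEv1 endpoint.
count_v1() {
    acme_endpoints "$1" | grep -c 'acme-v01' || true
}

# Rewrite acme-v01 -> acme-v02 in place, keeping a .bak copy of each file touched.
migrate_to_v2() {
    dir="$1"
    for f in "$dir"/*.conf; do
        [ -f "$f" ] || continue
        grep -q 'acme-v01' "$f" || continue
        cp "$f" "$f.bak"
        sed -i -e 's#acme-v01\.api\.letsencrypt\.org#acme-v02.api.letsencrypt.org#g' "$f"
    done
}

# Constructed sample directory so the script runs offline; prints its path.
make_sample() {
    d=$(mktemp -d)
    cat > "$d/cb-test-focal.conf" <<'EOF'
# renew_before_expiry = 30 days
version = 0.40.0
archive_dir = /etc/letsencrypt/archive/cb-test-focal
[renewalparams]
authenticator = apache
server = https://acme-v01.api.letsencrypt.org/directory
EOF
    cat > "$d/cb-test-bionic.conf" <<'EOF'
version = 0.31.0
[renewalparams]
authenticator = apache
server = https://acme-v02.api.letsencrypt.org/directory
EOF
    printf '%s\n' "$d"
}

# Usage: sh script.sh demo   (or source it and call acme_endpoints /etc/letsencrypt/renewal)
if [ "${1:-}" = "demo" ]; then
    d=$(make_sample)
    acme_endpoints "$d"
    echo "configs still on ACMEv1: $(count_v1 "$d")"
    migrate_to_v2 "$d"
    acme_endpoints "$d"
    rm -rf "$d"
fi
```

`count_v1` is the check worth keeping around after a test like the one above: once the endpoint has been flipped to v1 with `sed`, a non-zero count on a real host means some certificate will stop renewing, so the flip should be reverted (or `migrate_to_v2` run) when testing is done.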