Hm, acmetool is pretty neat. It solves the letsencrypt certbot chicken and egg problem of having to set up an HTTP server without SSL first to receive the challenge, then having to redo your config to do SSL.
acmetool instead listens on port 80 and redirects non-LE requests to your real webserver, which only listens on 443.
It's also super-friendly to automation. I just set my Ansible site playbook up to grab an LE cert for the FQDN of any host I deploy in like 10min.