The official setup instructions are well written and simple to follow but not safe enough for my taste. The Let’s Ecrypt page on the Arch Wiki also has most of the information required to get a working setup but does not care for security either.
So here is a non root, confined setup for
certbot, the official Let’s Encrypt client.
Although this was done on Arch Linux, this is probably generic enough to work on any
systemd enabled distribution.