I downloaded and installed certbot-auto with the Apache plugin. I noticed that it doesn’t recognize VirtualHost entries when there are multiple entries in one file, so I took the one virtual host I wanted to generate a certificate for, and placed it in a separate file. Certbot found it, successfully generated a cert for it and created a new virtual host in /etc/apache2/sites-available and enabled it. The entire process was quite simple, but long-term, I want to have all of this customer’s virtual hosts in a single file… so my question is, when I renew the certificate, is certbot going to need to modify the Apache config again? Should I just have used the certonly command and manually made changes to my Apache config?
certbot requires them in separate files, so yes, if you want to place all the virtualhosts in a single file it’s probably easier to use the certonly method and manually make changes to your Apache config. As long as you refer to the certificates in /etc/letsencrypt/live/… then you shouldn’t need to update your Apache config on renewal; simply reload Apache to use the new certs.
Thanks. That makes sense…
I have some non-Apache servers too (IIS and Jetty), so I’ve set up a VPS that will only run certbot, and pull down renewals as necessary… I’ll generate the initial certs there too… and set up cronjobs on the Apache and Jetty servers (and a Windows scheduled task on the IIS server) to check for updates and pull down the updated certs via scp or rsync.
The only thing I’m not sure how to do yet is how to programmatically import the new cert into the Windows certificate store and update the IIS vhosts. I know I can do it, just not sure how yet, but that’s outside the scope of this post…
Thanks again, and Happy New Year!
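The pull-and-reload job described in the post above could look like this on the Apache host: it installs a pulled certificate only when it differs from the installed one, and only after checking that it has not expired and matches its private key. This is an added example, not code from the thread; the staging and live directories, the host name and the paths in the usage comment are placeholders, and it assumes the certbot host exports certbot's fullchain.pem and privkey.pem.

```shell
#!/bin/sh
# Added example. fullchain.pem and privkey.pem are the names certbot writes;
# the STAGE and LIVE directories are placeholders chosen for this example.

# pair_is_valid DIR: leaf cert has more than a day left and matches the key.
pair_is_valid() {
    dir=$1
    openssl x509 -in "$dir/fullchain.pem" -noout -checkend 86400 >/dev/null || return 1
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# install_if_changed STAGE LIVE
#   0 = new pair installed (reload the web server)
#   1 = LIVE already holds the staged pair (nothing to do)
#   2 = staged pair missing or invalid (LIVE left untouched)
install_if_changed() {
    stage=$1
    live=$2
    [ -s "$stage/fullchain.pem" ] && [ -s "$stage/privkey.pem" ] || return 2
    if cmp -s "$stage/fullchain.pem" "$live/fullchain.pem" &&
       cmp -s "$stage/privkey.pem" "$live/privkey.pem"; then
        return 1
    fi
    pair_is_valid "$stage" || return 2
    (
        umask 077   # new files are created private to the owner
        for f in privkey.pem fullchain.pem; do
            # copy next to the target, then rename, so a reader never sees
            # a half-written file
            cp "$stage/$f" "$live/.$f.new" && mv -f "$live/.$f.new" "$live/$f" || exit 2
        done
    ) || return 2
    return 0
}

# Cron usage on the Apache host (host name and paths are placeholders):
#   rsync -a certhost.example:/srv/certs/site/ "$STAGE/" &&
#     install_if_changed "$STAGE" "$LIVE" && apachectl graceful
```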