Best practices for issuing certificates for a server with both apache and nginx

#1

Iam running an ubuntu 16.04 server that has both apache and nginx. I installed certbot using apt-get install python-certbot-apache. Apache server now has a certificate.

Now I want to issue a certificate for the nginx web server.

Do I need to install certbot again with the apt-get install certbot command? Or will using the certbot certonly --webroot -w /var/www/example -d example.com command be ok.

#2

Hi @jenzo,

This is a slightly confusing request, because both servers can easily share the same certificate. There’s usually no reason that they shouldn’t. The certificates are not specific to one server either in content or in format, and we have to reach for pretty obscure scenarios to derive a security benefit from having the certificates be different.

You should be able to edit your nginx configuration to refer to the same certificate information within /etc/letsencrypt/live.

Or maybe the servers are serving different domains rather than the same domain. In that case, you can proceed with the webroot method that you mentioned above. (There’s also now a Certbot nginx plugin, but it might not be packaged in your operating system yet.)

#3

Yes sorry for the confusion, each server will have different domains. Since apache and nginx have different install commands, I just wanted to make sure there were would not be any conflicts or missing dependencies. Will try the webroot method for the nginx server now.

closed #4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.