What’s the best practice for renewal for certbot if i.e. apache or nginx is already listening on 443?
Not using the standalone, but the apache, niginx or webroot plugin?
Using the standalone: /letsencrypt-auto renew
Do you insist of using the standalone authenticator and if so, why?
It would be nice to keep it separate. On our end we utilize a multitude of layers (e.g. nginx (for SSL tunnel) / varnish-cache, apache-generation).
Would the DNS challenge be more appropriate for you ?
DNS challenge would be sufficient.
That might be best then, Completely independent of your “servers” so no con conflicts, and (as long as you have an API for your DNS) can easily be automated. I find it works really well.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.