Certbot: Can't renew if 443 is in use


#1

What’s the best practice for certbot renewal if, e.g., apache or nginx is already listening on 443?


#2

Not using the standalone, but the apache, nginx or webroot plugin?


#3

Using the standalone: /letsencrypt-auto renew


#4

Do you insist on using the standalone authenticator and if so, why?


#5

It would be nice to keep it separate. On our end we utilize a multitude of layers (e.g. nginx (for SSL tunnel) / varnish-cache, apache-generation).


#6

Would the DNS challenge be more appropriate for you?


#7

DNS challenge would be sufficient.


#8

That might be best then. Completely independent of your “servers”, so no conflicts, and (as long as you have an API for your DNS) it can easily be automated. I find it works really well.
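The DNS-challenge automation suggested in the reply above, as an added example that is not part of the thread: a certbot manual hook that publishes and removes the `_acme-challenge` TXT record with `nsupdate` (RFC 2136), so nothing has to bind port 443. It assumes the DNS server accepts TSIG-signed dynamic updates; `DNS_SERVER` and `TSIG_KEYFILE` are variable names chosen for this sketch, while `CERTBOT_DOMAIN` and `CERTBOT_VALIDATION` are exported to the hook by certbot.

```shell
#!/bin/sh
# Added example: DNS-01 hook for certbot (--manual-auth-hook / --manual-cleanup-hook).
# Assumed names for this sketch: DNS_SERVER (authoritative server), TSIG_KEYFILE (key file).

# TXT record name the CA queries for a domain, as a fully qualified name.
challenge_record() {
    domain=${1#\*.}      # defensive: drop a leading wildcard label
    domain=${domain%.}   # drop a trailing dot if one was supplied
    printf '_acme-challenge.%s.' "$domain"
}

# The validation value is a base64url string; reject anything else so it can
# never break out of the quoted TXT data handed to nsupdate.
valid_token() {
    case $1 in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Build the nsupdate input. $1=add|delete  $2=domain  $3=token  $4=server
# "add" leaves existing TXT values in place: a certificate covering both
# example.com and *.example.com needs two values on the same name.
build_update() {
    valid_token "$3" || return 1
    case $1 in
        add)    line="update add $(challenge_record "$2") 60 TXT \"$3\"" ;;
        delete) line="update delete $(challenge_record "$2") TXT \"$3\"" ;;
        *)      return 1 ;;
    esac
    printf 'server %s\n%s\nsend\n' "$4" "$line"
}

# Runs only when certbot invokes the hook (both variables are set by certbot).
if [ -n "${CERTBOT_DOMAIN:-}" ] && [ -n "${CERTBOT_VALIDATION:-}" ]; then
    script=$(build_update "${1:-add}" "$CERTBOT_DOMAIN" \
                          "$CERTBOT_VALIDATION" "$DNS_SERVER") || exit 1
    printf '%s\n' "$script" | nsupdate -k "$TSIG_KEYFILE"
fi
```

Pass the script with the argument `add` as the auth hook and with `delete` as the cleanup hook, together with `--manual --preferred-challenges dns`. Scope the TSIG key to the `_acme-challenge` names only, so a compromised web host cannot rewrite the rest of the zone.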

