Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
My domain is:
I ran this command:
certbot certonly --manual --preferred-challenges=dns --email dev.accounts@kitchencut.com --server https://acme-v02.api.letsencrypt.org/directory --agree-tos -d notsharingdomain.com
It produced this output:
Successfully received certificate.
Certificate is saved at: /etc/letsencrypt/live/notsharingdomain.com/fullchain.pem
Key is saved at: /etc/letsencrypt/live/notsharingdomain.com/privkey.pem
This certificate expires on 2024-07-10.
These files will be updated when the certificate renews.
My web server is apache 2.4
The operating system my web server runs on is ubuntu 22.04
I can login to a root shell on my machine: yes
The version of my client is: certbot 1.21.0Certbot):
I see this asked a lot, but from what i see people just lessen the security on the /etc/letsecrypt directory that is is wide open.
My question is, what does the certbot installer do that I can do manually so Apache can actually read the certs without breaking the permissions ? I have a large amount of sub domains so it would make sense to use a wildcard cert. I could use chmod 755 or 775 but that might not be the best practice.
There is very little information when you do it manually instead of auto. And like i said some of the things people do like chmod 777 just scares me.