I foobarred my initial request to participate, as a couple of domains were appended together so I had something like domain1.us.domain2.net. Attempting to correct the error when submitting the initial list resulted in an error…
After correcting the list and running it again, only one of the domains was actually submitted. Command run:
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth
So try again… This time with just one domain, since I noticed Apache was not fully configured.
./letsencrypt-auto -d www.example.com run
It configured Apache correctly for Mozilla’s intermediate crypto configuration, but the cert itself was foobarred, essentially a self-signed cert.
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory auth -d www.example.com run
I surf to example.com and it looks like another foobarred cert: the cert was not valid for example.com and is valid for www.example.com. I didn’t expect that!
OK, I’ll try another domain…
./letsencrypt-auto --agree-dev-preview --server https://acme-v01.api.letsencrypt.org/directory -d www.example.net -d example.net run
Success… Excellent!
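The name mismatch above comes down to which hostnames appear in the certificate's subjectAltName list. The following check is an added example, not part of the original post or of the letsencrypt client; it goes slightly beyond the post by also handling wildcard entries under the usual RFC 6125 rules, and the function names and SAN lists are constructed for illustration.

```python
# Added example: which requested hostnames a certificate's SAN list covers.
# Matching follows the usual RFC 6125 rules: an exact match, or a wildcard
# that stands for exactly one left-most label.

def name_matches(hostname: str, san: str) -> bool:
    """Return True if a single SAN dNSName entry covers hostname."""
    host = hostname.lower().rstrip(".")
    pattern = san.lower().rstrip(".")
    if pattern == host:
        return True
    if pattern.startswith("*."):
        # "*.example.com" covers "www.example.com" but neither
        # "example.com" nor "a.b.example.com".
        suffix = pattern[1:]  # ".example.com"
        if host.endswith(suffix):
            left = host[: -len(suffix)]
            return left != "" and "." not in left
    return False


def uncovered(requested, san_list):
    """Return the requested hostnames that no SAN entry covers."""
    return [h for h in requested
            if not any(name_matches(h, s) for s in san_list)]


if __name__ == "__main__":
    # Constructed SAN lists mirroring the two runs in the post.
    # Run with only "-d www.example.com": the bare domain is not covered.
    print(uncovered(["example.com", "www.example.com"],
                    ["www.example.com"]))
    # Run with "-d www.example.net -d example.net": both names are covered.
    print(uncovered(["example.net", "www.example.net"],
                    ["www.example.net", "example.net"]))
```
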
Now how can I configure better crypto and redirect HTTP automatically? ./letsencrypt-auto --help security shows:
security:
  Security parameters & server settings

  -B N, --rsa-key-size N
                        Size of the RSA key. (default: 2048)
  -r, --redirect        Automatically redirect all HTTP traffic to HTTPS for
                        the newly authenticated vhost. (default: False)
  --strict-permissions  Require that all configuration files are owned by the
                        current user; only needed if your config is somewhere
                        unsafe like /tmp/ (default: False)
The auto configuration sources /etc/letsencrypt/options-ssl-apache.conf, so a little editing and that should be good!
Let’s try another one with the --redirect option.
This run shows another issue: domain configurations are being read from /etc/apache2/sites-available/ rather than /etc/apache2/sites-enabled/, so letsencrypt-auto picked the wrong file and produced an error: “Error: should be only one vhost”.
The --redirect doesn’t work: “Existing Redirect present on HTTP vhost”. Strangely, testing another domain reported “Let’s Encrypt has already enabled redirection”, but it did not enable the redirect.