I had been using the --standalone mode with certbot to try renewals nightly for a handful of domains. But it would take a few minutes to authenticate them all, which meant my sites were down for the duration every night. Not really desirable.
Trying to get the --webroot mode to work, which should put an auth token in the .well-known subfolder of each specified webroot so it can be served up by Apache. The difficulty I am running into is that I have some hostnames that are configured to do redirects in Apache.
Ultimately, I still need a valid cert for these hostnames so that folks can browse to https://www.domain.tld and securely receive the instruction to head elsewhere.
Right now my only proposed solution is to use either --pre-hook and --post-hook to run a script to disable all redirects in Apache’s configs and then put them back after certbot is done. But I am wondering if there is some more official solution within the sphere of LetsEncrypt. I am not having much luck with Googling because most phrases I search return results merely regarding redirecting http:// to https://