How to get the options-ssl-*.conf files?

Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. https://crt.sh/?q=example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.

My domain is:

I ran this command:
apt-get update
apt-get install software-properties-common
add-apt-repository universe
add-apt-repository ppa:certbot/certbot
apt-get update
apt-get install certbot

It produced this output:
It was successful

My web server is (include version):
Nginx 1.14.2
Apache 2.4.18

The operating system my web server runs on is (include version):
Ubuntu 16.04

My hosting provider, if applicable, is:

I can login to a root shell on my machine (yes or no, or I don’t know): yes

I’m using a control panel to manage my site (no, or provide the name and version of the control panel): no

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot): 0.31.0

I installed certbot at our test environment and successfully managed to add certificates to several test domains. This installation automatically included /etc/letsencrypt/options-ssl-apache.conf, and as far as I understand, this file is automatically maintained by certbot?

Next I went on to install certbot at the production server which is running both Nginx and Apache for different IP addresses. At this server I would like to have both options-ssl-apache.conf and options-ssl-nginx.conf.

But none of these files were added by the installation. So now I am wondering why the *.conf was added during installation at the test environment, and not the production environment.

As I see it, there are only 2 differences between these environments, that could affect the installation:

The test environment is based on Ubuntu 18.04 and the production is at Ubuntu 16.04

When installing certbot at the test environment, I did:
apt-get install certbot python-certbot-apache

When installing certbot in production, I did:
apt-get install certbot

I realized this and then tried to install python-certbot-apache and python-certbot-nginx thinking that maybe they were needed to get the conf files… but they were already installed.

I should note that I am generating my certificates with certonly and webroot. I am NOT using the apache and nginx plugins, since I do not want certbot to mess with my configuration files and restart webservers at will. I prefer to use hooks instead. But I would like the ability to include the options-ssl-*.conf files.

So my question is: How can I get the options-ssl-*.conf files added to the production environment the correct way? I don’t want to copy them from somewhere else since that would probably not make certbot maintain them, right?

1 Like

From the sounds of it, you inadvertently used one of the plugins (either the authenticator or the installer), at some point, in your test environment.

For example, this would trigger the creation or update of the options file:

certbot certonly -a apache -d example.org

but this would not:

certbot certonly -a webroot -d example.org -w /tmp

I don't think it's possible. The source files are shipped with the Apache and nginx plugins, but in a location that is subject to change. The nginx one is even more complicated because the file varies based on what Certbot detects about your nginx installation.

You could propose your case at Issues · certbot/certbot · GitHub if you think it's a good general purpose feature.

2 Likes
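
A pre-reload check for the situation in this thread, as an added example that is not from either poster or from Certbot: it reports server configs that include an options-ssl-*.conf file missing on the host, which is what a config written on the test machine would hit on a webroot-only production machine. The function names and the ROOT_PREFIX argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example: list web-server config files that include a Certbot
# options-ssl-*.conf which does not exist on this host.
# Usage: missing_le_includes CONF_DIR [ROOT_PREFIX]
# ROOT_PREFIX is a hypothetical testing knob prepended to each include path.
# Assumes the include directives use absolute paths.
# Prints "config-file: missing-path" per dangling include; returns 1 if any.
missing_le_includes() {
    conf_dir=$1
    root=${2:-}
    status=0
    # Apache Include/IncludeOptional and nginx include; commented lines skipped.
    hits=$(grep -rHEi '^[[:space:]]*include(optional)?[[:space:]]+"?[^[:space:]";]*options-ssl-(apache|nginx)\.conf' "$conf_dir" 2>/dev/null || true)
    [ -n "$hits" ] || return 0
    while IFS= read -r hit; do
        file=${hit%%:*}
        directive=${hit#*:}
        # Keep only the path argument: drop keyword, quotes and trailing ';'.
        path=$(printf '%s\n' "$directive" |
            sed -E 's/^[[:space:]]*[A-Za-z]+[[:space:]]+"?([^[:space:]";]+).*/\1/')
        if [ ! -f "$root$path" ]; then
            printf '%s: %s\n' "$file" "$path"
            status=1
        fi
    done <<EOF
$hits
EOF
    return $status
}

# Constructed sample tree: the Apache options file exists (a plugin ran once),
# the nginx one was never created because only webroot was used.
build_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/etc/nginx" "$t/etc/apache2" "$t/etc/letsencrypt"
    printf '    include /etc/letsencrypt/options-ssl-nginx.conf;\n' \
        > "$t/etc/nginx/site.conf"
    printf '%s\n' '# Include /etc/letsencrypt/options-ssl-nginx.conf' \
        'Include /etc/letsencrypt/options-ssl-apache.conf' \
        > "$t/etc/apache2/site.conf"
    : > "$t/etc/letsencrypt/options-ssl-apache.conf"
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
missing_le_includes "$tree/etc" "$tree" || echo "dangling include(s) found"
rm -rf "$tree"
```

On a real host the call would be `missing_le_includes /etc/nginx` or `missing_le_includes /etc/apache2`, run before reloading the server from a deploy hook.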
