Importance of files in '/etc/letsencrypt' in a vhost setup?


#1

Background:
I have a dedicated RHEL 5 web hosting server that can’t use the official ACME client, as it is considered too ‘old’ by letsencrypt staff to support letsencrypt working on it directly in manual or auto mode.

(As a side note: “all” RHEL5 technically is missing is an openssl >= 0.9.8f - it is left with an openssl 0.9.8e with the standard redhat security backports applied, but not the ‘new’ feature ‘SSL_set_tlsext_host_name’ introduced in openssl 0.9.8f) [see github issue #1333 at https://github.com/letsencrypt/letsencrypt/issues/1333]

So in order to work around this issue I used vagrant to bring up an ubuntu-trusty machine using the Vagrantfile provided in the letsencrypt github repo instead, with the addition of the ports 80 and 443 being redirected to the vagrant vm.

And then used the ‘letsencrypt-auto certonly’ method to get the new SSL cert into the ‘/etc/letsencrypt’ directories of the vagrant vm.

Question:
So my question is now what to do with the files under ‘/etc/letsencrypt’ of this vagrant virtual machine?

1. Should I sync them (copy over) with the main host’s ‘/etc/letsencrypt’ files?

2. Can I re-use the vagrant vm to fire up under other vhosts on that web server to fetch the SSL certificates for other domains that are being hosted on different IPs? And when done still sync (i.e. copy over) the vm’s ‘/etc/letsencrypt’ files to the main host’s ‘/etc/letsencrypt’ files? Or will this confuse or ‘mess up’ the files under the ‘/etc/letsencrypt’ hierarchy?

What are the pros and cons of doing this?

Keeping in mind that at any point some of those domains might be moving over to another hoster somewhere that may or may not support letsencrypt for them? How easy would it be to ‘split off’ the right files for any one of those multiple vhost domains, to move them over to the new hoster? Would that aspect alone ‘dictate’ that I have to keep the ‘/etc/letsencrypt’ files tracked separately for each vagrant vm that I fire up for any other IP and domain combination?

I promise that I will try to test and then document what you tell me and add it to the project, so others don’t have to ask the same questions. :wink: