Installation manuelle = renouvellement manuel?

Bonjour,

Je suis en train de mettre en place un certificat Wildcard sur Ubuntu 18 / Apache en suivant la procédure https://certbot.eff.org/lets-encrypt/ubuntubionic-apache.

Cette procédure implique l’installation d’un plugin qui va modifier automatiquement les records DNS et la configuration Apache mais je préférerais modifier moi-même ces fichiers configurations (ils sont générés automatiquement pour des scripts).

En choisissant la méthode manuelle (https://certbot.eff.org/docs/using.html#manual), le mise à jour des certificats sera-t’elle aussi à effectuer manuellement tous les 3 mois ou le certbot s’occupera quand-même de mettre à jour mon certificat ?
Autrement dit, une fois l’installation manuelle faite, devrais-je re-intervenir plus tard ?

Cordialement, Gilles.

I really hope you can read in English.

You can use the dns plugin without the apache installer plugin.

Without the dns plugin, you will have to renew manually.

The apache installer plugin isn’t really that needed for the renewal, just add a --deploy-hook "systemctl reload apache2" to your certbot renew command.

(or in the appropriate file and format in /etc/letsencrypt/renewal)

OK, thank for your fast response !

1/ Is the apache installer plugin not to install named python-certbot-apache ?

2/ “Without the dns plugin, you will have to renew manually.”. Soo every time certbot need to update a certificate, it need to update the TXT record too ? The initial challenge is insufficient to prove the domain ownership ?

That package includes both the apache installer and the apache validator plugin (for http-01)

Yes, but you don't have to do it manually. The dns validator plugin can do that for you.

That expires after 30 days.

OK, thanks for your help !

Have a good day ^^

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.