Is it a good idea to use certbot apache plugin for non-apache servers?

The title looks weird, but this is what I mean: I’ve an Apache webserver and email server with Postfix + Dovecot. I use Let’s Encrypt for all that, but I’ve one certificate for all the domains that point to my server.

As of now, I’m using the standalone plugin for the only (multidomain) certificate. However, what if I use the apache plugin? Is there any significant difference? Will it affect the email server?

Thanks in advance.

Hi @Megver83,

The apache plugin will only work if you also have an apache server.

Each plugin in Certbot can provide the features of an authenticator (which can obtain certificates) and an installer (which can install the certificates by configuring a server application to use them).

If you specify --apache, it tries to do both (using Apache to obtain the certificates, then configuring Apache to use them for subsequent inbound connections).

If you specify -a apache, it only uses the authenticator. (This is sometimes used with certbot certonly.)

If you specify -i apache, it only uses the installer.

Once you’ve obtained a certificate, that certificate can be used by any server application, including by multiple server applications at the same time. So, the question is whether you have Apache actually running on the server—which apparently you do. In that case, you can potentially just use the apache plugin to obtain and install the certificate, and then manually edit the Postfix and Dovecot configurations so that they also use the same certificates. Currently Certbot is not shipping with Postfix or Dovecot installer plugins, although those should be available someday.
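One way to check the manual Postfix and Dovecot edits mentioned in the reply above, as an added example that is not part of the original thread. The function names, the lineage path under `/etc/letsencrypt/live/` with the placeholder domain `example.com`, and the config file locations are assumptions; the Dovecot settings use the `ssl_cert = <path` / `ssl_key = <path` syntax.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that Postfix and Dovecot
# reference the same Certbot certificate lineage that Apache uses.
# Assumed layout: LINEAGE/fullchain.pem and LINEAGE/privkey.pem.

# Print the last value assigned to KEY in FILE ("key = value" syntax),
# dropping the leading "<" that Dovecot uses for file-backed settings.
conf_value() {  # usage: conf_value FILE KEY
    sed -n "/^[[:space:]]*${2}[[:space:]]*=/{s/^[^=]*=[[:space:]]*<\{0,1\}//;s/[[:space:]]*\$//;p;}" "$1" |
        tail -n 1
}

# Succeed only if FILE points CERT_KEY at fullchain.pem and KEY_KEY at
# privkey.pem inside the given lineage directory.
uses_lineage() {  # usage: uses_lineage FILE CERT_KEY KEY_KEY LINEAGE
    [ "$(conf_value "$1" "$2")" = "$4/fullchain.pem" ] &&
        [ "$(conf_value "$1" "$3")" = "$4/privkey.pem" ]
}

# Check both mail services; report each mismatch on stderr, return 1 on any.
check_mail_tls() {  # usage: check_mail_tls LINEAGE POSTFIX_MAIN_CF DOVECOT_SSL_CONF
    rc=0
    uses_lineage "$2" smtpd_tls_cert_file smtpd_tls_key_file "$1" ||
        { echo "postfix: $2 does not point at $1" >&2; rc=1; }
    uses_lineage "$3" ssl_cert ssl_key "$1" ||
        { echo "dovecot: $3 does not point at $1" >&2; rc=1; }
    return "$rc"
}

# Typical call (paths are assumptions for a Debian-style layout):
#   check_mail_tls /etc/letsencrypt/live/example.com \
#       /etc/postfix/main.cf /etc/dovecot/conf.d/10-ssl.conf
```

Pointing both services at the `live/` paths rather than at copies means they follow the same files Apache was configured with.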

Could you explain that a bit more? I mean, what does it mean that it will configure Apache? The configuration files, you say?

Normally Apache is configured by text files in /etc/apache2 (or other directories on some operating systems). The Apache plugin in Certbot finds these files and edits them for you (both in the course of obtaining the certificate, with -a, and in the course of configuring Apache to use it, with -i). The default behavior with --apache does both of these things.
