I have a problem. I use Let's Encrypt for my HTTPS certificates, and every time I add a new cert or update an existing one I must stop my HTTP server on port 80 and start the Let's Encrypt script.
I want to add new certs and update the old ones without killing the service on port 80 (in my example, Passenger).
Exactly how depends on your setup/configuration. LetsEncrypt basically needs to prove ownership of the domain by displaying given files on http/https (in yourdomain.com/.well-known/acme-challenge/file) so it should affect the normal running of your website. You will need to reload the configuration after getting the new certs, but that should generally be a reload rather than a stop and restart.
If you're using the Let's Encrypt client, you're probably using standalone mode right now, which does require you to stop the existing web server (because it provides an alternative/replacement for it for verification purposes). There are other modes that don't have this requirement, such as webroot and manual modes. If one of those modes works for you, it might address your concern.
There are also other clients out there.
Some of them will also not require you to shut down your existing server, depending on the verification method used.
    letsencrypt certonly --email asdf@asdf -d yourdomain --webroot --webroot-path /var/www/
(where /var/www is the folder which can be accessed at http://yourdomain/)
Just started messing about with letsencrypt for real today, and I had a problem like you where the domain was taken by an application. In my case I’m using nginx (apache should work the same) as a reverse proxy for my app running at port 9999.
Since nginx does the reverse proxy handling, it should also take care of the SSL termination. I think it makes sense.
I set up a location rule on my nginx config to handle the acme-challenges.
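    server {
        listen 80;
        server_name app.example.com;

        # Everything except the ACME challenge is redirected to HTTPS
        location / {
            return 301 https://$host$request_uri;
        }

        # Challenge files are served from /opt/ssl-challenge/.well-known/acme-challenge/
        location /.well-known/acme-challenge/ {
            root /opt/ssl-challenge/;
        }
    }
    # And a server for 443 ssl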
This is a common folder on my server for all acme-challenges. When I now run my update script, letsencrypt puts some stuff in that acme-challenge-directory which is accessible alongside my running application. After switching out my certs with new ones, I simply run $ service nginx reload, which loads in my new certificates without the server ever going down.
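An added example, not part of the thread: a pre-flight check that the running server really serves the webroot challenge directory, followed by the webroot issuance and reload described above. The function names are hypothetical, the webroot, domain and e-mail are supplied by the caller, and the use of curl and of `nginx -t` before the reload are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: check the webroot challenge path, then renew and reload.
# WEBROOT, DOMAIN and EMAIL are supplied by the caller; none come from the thread.

# With "root /opt/ssl-challenge/;" nginx maps the challenge URL to this directory.
challenge_dir() {
    printf '%s/.well-known/acme-challenge' "${1%/}"
}

# Write a throwaway file where the ACME client would write its token.
place_probe() {
    dir=$(challenge_dir "$1")
    mkdir -p "$dir" || return 1
    token="probe-$$"
    printf '%s' "$token" > "$dir/$token" || return 1
    printf '%s' "$token"
}

# Fetch the probe through the running web server and compare the body.
# A redirect or error page fails the comparison, so a missing location rule is caught.
check_probe() {
    body=$(curl -fsS --max-time 10 "$1/.well-known/acme-challenge/$2") || return 1
    [ "$body" = "$2" ]
}

# Returns 0 if the challenge directory is served, 1 if not, 2 if it is not writable.
preflight() {
    token=$(place_probe "$1") || return 2
    rc=0
    check_probe "$2" "$token" || rc=1
    rm -f "$(challenge_dir "$1")/$token"
    return "$rc"
}

# Full run: the server is never stopped, and is reloaded only if its config parses.
renew() {  # usage: renew WEBROOT DOMAIN EMAIL
    preflight "$1" "http://$2" || { echo "challenge path not served" >&2; return 1; }
    letsencrypt certonly --email "$3" -d "$2" --webroot --webroot-path "$1" || return 1
    nginx -t && service nginx reload
}
```

Calling `renew /opt/ssl-challenge app.example.com you@example.com` matches the nginx configuration in the post above; the `--webroot-path` is the `root` directory itself, not the `.well-known` subdirectory.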