Letsencrypt halloween


#1

I am using Apache2 as a reverse proxy with Tomcat. The first time I got a certificate, I chose
2: Place files in webroot directory (webroot)
And defined as webroot
2: /opt/tomcat/webapps/ROOT
But after that I was developing and deploying several WARs, and it seems I deleted ROOT, so I lost some important files needed to renew the certificate. When I tried to renew it, the process failed because my site was lacking some files:
.well-known/acme…

After that I made some other attempts, and in one of them Letsencrypt finally gave an option to renew it. I chose to redirect http to https, and a proxy-ssl-host-le-ssl.conf file appeared in Apache and my server stopped working.
Being a greenhorn with Letsencrypt and Apache, and suspecting Letsencrypt changed my Apache configuration files, I decided to delete my Apache installation and start again from scratch. Now Apache is working as a proxy, but the next step is to get a certificate, and I am full of doubts about what to choose:

1: Apache Web Server plugin - Beta (apache)

2: Spin up a temporary webserver (standalone)

3: Place files in webroot directory (webroot)

I guess I have to choose option 3 and pass an Apache folder in order to keep the certificate out of my Tomcat ROOT, to avoid deleting it again myself. But after my Halloween days, before doing that I want to hear from some of you. Please tell me your opinion.


#2

Hi @lm2a,

I would suggest trying option 1, which is much simpler if it works in your configuration. This may depend on how recent your Certbot version is.


#3

I would suggest you handle the redirection manually, yourself.
Or you may end up breaking it again.


#4

Thanks to everybody. I know, Schoen, you are a guru, but finally I chose option 3, basically because I was afraid option 1 would modify my Apache2 configuration files. And as I told you, I am a greenhorn with Apache2. But this time I used /var/www/html as webroot, and not Tomcat's webapps/ROOT. And I managed the http -> https redirection manually. Currently it seems everything is working well.
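
The setup described in the last post, sketched as an added example that is not part of the original thread or any poster's actual configuration: Apache answers the ACME challenge path from /var/www/html, redirects everything else to https by hand, and proxies the rest to Tomcat. The hostname example.com, the Tomcat address 127.0.0.1:8080 and the use of mod_rewrite for the redirect are assumptions; mod_ssl, mod_proxy and mod_proxy_http must be enabled.

```apache
# Added example: constructed configuration, not taken from the thread.
# Assumptions: example.com, Tomcat on 127.0.0.1:8080, cert already issued.

<VirtualHost *:80>
    ServerName example.com

    # Challenge files live in Apache's own docroot, so redeploying or
    # deleting Tomcat's webapps/ROOT cannot break renewal again.
    DocumentRoot /var/www/html
    <Directory "/var/www/html/.well-known/acme-challenge">
        Require all granted
        Options None
        AllowOverride None
    </Directory>

    # Manual http -> https redirect for everything except the challenge
    # path. The target host is fixed rather than taken from the Host header.
    RewriteEngine On
    RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/
    RewriteRule ^ https://example.com%{REQUEST_URI} [R=301,L]
</VirtualHost>

<VirtualHost *:443>
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on
    SSLCertificateFile    /etc/letsencrypt/live/example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem

    # Exclusion must come before the catch-all ProxyPass, otherwise the
    # challenge request is forwarded to Tomcat.
    ProxyPass        /.well-known/acme-challenge/ !
    ProxyPreserveHost On
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>
```

With this in place the certificate is requested with `certbot certonly --webroot -w /var/www/html -d example.com`, which writes the challenge files and leaves the Apache configuration untouched.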