Mail server + Web server autorenewal - how?

I’ve installed certificate for Apache web server, using “–apache” Certbot’s command.
Then I’ve used this certbot command to install certificate for mail server, physically located in the same system: “sudo certbot certonly --standalone -d”. Using it, I was asked to stop Apache web server to free port 80.
Here is my question: how to update both certificates automatically? What will happen when I’ll use “certbot update” command next time? Will it update web sites certificates only? If so, then can I add “”, pointed above to my web server’s virtual domains list? Will it allow certbot to update both mail.xxxx and www.xxxx certificates?
Or have you better solution for such automation?
-Thank you.

1 Like

You can use Apache also only for the authentication, as everything runs on the same server you’ve said.

certbot certonly -a apache -d

That should do the trick. You don’t need a virtualhost for that specific hostname, certbot will generate a temporary config for that. If you want, you can add more hostnames, for example:

certbot certonly -a apache -d -d -d

Whatever you like :wink:

1 Like

Thank you, of course I understand that I can send separate commands for every host.
My question was just about the renewal process. Say, now I have one certificate, installed with --apache key and another one, issued by “manually” using “certonly” command. What will happen when I’ll use “update” command? will both certs be updated? I’d like to setup a cron task. This is why I’m asking.

1 Like

Yes, you can just use certbot renew. However, you’ll probably need to reload your mail services. You can use --deploy-hook to execute a script to do that.

1 Like

Thank you for the explanation.
Is there any code sample I could use in order don’t invent a wheel?

I’m not familiar with off the shelf scripts, sorry. Although it shouldn’t have to be more than two lines: the reload commands aren’t that difficult :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.