In "Cerbot’s Apache mod_rewrite for HTTP traffic to HTTPS", golgongo establishes that certbot --apache will update a vhost .conf file to switch all of that vhost’s traffic from port :80 to :443, and then goes on to ask why this should be done at the vhost level and not in the server context (system-wide). The explanation is that some vhosts may not (yet) be covered by a certificate and thus still need to operate from port 80.
The logical progression, then, is to ask, once we have progressively updated the server to the point where every domain has been secured:
1. wouldn’t it be best practice to move the Redirect/Rewrite code into the server context?
2. once that was accomplished, instead of merely editing all of the port 80 vhosts to remove the redundant Redirect/Rewrite, wouldn’t it become possible to remove such .conf files entirely?
3. will the above still require an exception be coded for certbot renewals (on port 80)?
4. if a Redirect/Rewrite appears in the server context, isn’t it still possible to write a second command within the vhost - or does that modified URL ‘return’ to the server context before its destination (i.e. a circularity)?