Possible documentation error in certbot docs

paulhide · August 20, 2016, 4:53pm

First of all many thanks to all at letsencrypt, this is a huge leap forward for open source and free software.

I have a working letsencrypt certificate on my site.

The certbot docs imply that apache versions greater than 2.4.8 will accept a combined certificate and key file. I am running apache 2.4.10 on a debian jessie server and tried the single file approach, but it failed. I replaced the single SSLCertificateFile pointing to fullchain.pem with separate SSLCertificateFile and SSLCertificateKeyFile pointing to cert.pem and privkey.pem and all was well.

Has anyone else had a similar experience?

pfg · August 20, 2016, 5:12pm

That's not quite correct - apache >= 2.4.8 will accept a combined cert + chain file (called fullchain.pem with certbot), not a cert + key file. Older versions of apache need a separate SSLCertificateFile (pointing to cert.pem) and SSLCertificateChainFile (pointing to chain.pem) directive for the chain certificate. The SSLCertificateKeyFile directive pointing to privkey.pem is always needed.

Osiris · August 20, 2016, 5:53pm

Also, what docs are you referring to precisely? B/c if you’re saying something is incorrect there, it would be helpful if you actually linked the page in question

paulhide · August 21, 2016, 7:09am

Thanks very much for that clarification.

paulhide · August 21, 2016, 7:12am

Yes, good point, the docs are here https://certbot.eff.org/docs/using.html,
but thanks to pfg’s clarification this is probably no longer relevant.

Osiris · August 21, 2016, 7:49am

The docs are verified correct.

system · September 20, 2016, 7:49am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.