Using Ubuntu 16.04 and apache2. I finally have a letsencrypt certificate up and working but …
I understood that installation would put a file into directory sites-available which would contain paths to the certificates. However it didn’t. I got the certificate working by editing the self-signed certificate default-ssl.conf as follows:
I think it would be more satisfactory if I could rename this file default-ssl.conf to mydomain.com-ssl.conf and change pointer(s) elsewhere to the ssl.conf file which is being used. Any advice for a newcomer to letsencrypt (but not to software)? Thanks in advance.
certonly means "only obtain the certificate, don't run an installer". It's intended for people who don't want to use Certbot's certificate-installing functionality!
If you want Certbot to install the certificate in your Apache configuration, an appropriate variant of your command would be
Bear in mind that the standalone authenticator won't work if you already have Apache listening on port 80, unless you stop Apache before running Certbot.
In many configurations, you can use --apache instead of --standalone (and without certonly), like ./certbot-auto --apache. This automates a lot of things: it will try to obtain a list of domains from your Apache configuration, it will try to reconfigure Apache to pass the CA challenges, and it will try to install the certificate for you at the end of the process. --standalone (and -a standalone) are primarily intended for people who are running Certbot on a machine that doesn't already have a web server running.
Ah, that explains the problem, it was a mistake in Linode’s instructions, thank you.
Given the position now, where I have the certificate, but not (correctly) installed, should I stop Apache and start from scratch with
sudo -H ./letsencrypt-auto -a standalone -i apache -d example.com -d www.example.com
or is there a command to correctly install into Apache the certificate I already have and can see in /etc/letsencrypt/live/mydomain.com?
First: do you want to stop Apache for every renewal? Probably not. If not, you could try the Apache authenticator with -a apache (and not -i standalone).
Secondly: if you run the client again, but now with -i apache, it should detect the current certificate in /etc/letsencrypt as valid and will ask you if you’d like to reinstall the certificate. If you choose yes, it will modify your Apache configuration and install the cert.
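Added example (not from the thread or from Certbot): because the certificate in this thread was wired into default-ssl.conf by hand, this shell function reports which certificate and key paths an Apache SSL vhost file actually uses and whether they sit under /etc/letsencrypt/live/, whose symlinks Certbot repoints at renewal. The function names `sample_conf` and `audit_ssl_conf` and the sample config are constructed for illustration.

```shell
# Added example: classify the certificate paths an Apache SSL vhost file references.
# sample_conf and audit_ssl_conf are hypothetical helper names, not Certbot commands.

sample_conf() {   # constructed sample of a hand-edited default-ssl.conf
cat <<'EOF'
<VirtualHost _default_:443>
    ServerName mydomain.com
    SSLEngine on
    #SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
    SSLCertificateFile    /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/archive/mydomain.com/privkey1.pem
</VirtualHost>
EOF
}

# Prints "Directive path status" per active directive.
# Exit 0: all paths under live/; 1: some path is not; 2: no directive found.
audit_ssl_conf() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out directives
        tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
            n++; path = $2; gsub(/"/, "", path)
            if (path ~ /^\/etc\/letsencrypt\/live\//) status = "live"          # follows renewals
            else if (path ~ /^\/etc\/letsencrypt\/archive\//) status = "archive" # pinned to one version
            else status = "other"                # e.g. the self-signed snakeoil pair
            if (status != "live") bad = 1
            print $1, path, status
        }
        END { if (!n) exit 2; exit bad + 0 }' "$1"
}

# Demo on the constructed sample; the key path is flagged as "archive".
demo=$(mktemp) && sample_conf > "$demo"
audit_ssl_conf "$demo" || echo "=> at least one path will not follow renewals"
rm -f "$demo"
```

Run it against each file enabled under /etc/apache2/sites-enabled/ after Certbot (or a manual edit) has changed the configuration.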