Putting certificate files under apache2

Using Ubuntu 16.04 and apache2. I finally have a letsencrypt certificate up and working but …

I understood that installation would put a file into directory sites-available which would contain paths to the certificates. However it didn’t. I got the certificate working by editing the self-signed certificate default-ssl.conf as follows:

SSLCertificateFile /etc/letsencrypt/live/mydomain.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/live/mydomain.com/chain.pem

I think it would be more satisafctory if I could rename this file default-ssl.conf to mydomain.com-ssl.conf and change pointer(s) elsewhere to the ssl.conf file which is being used. Any advice for a newcomer to letsencrypt (but not to software)?? Thanks in advance.

How did you aquire the certificates? Which exact command did you use?

Because it depends on the used plugin and mode to you get the correct/modified Apache TLS configuration files.

ITo install the letsencrypt certificate I followed the the instructions at

I am installing on a VPS at Linode.com.
The specific command is
sudo -H ./letsencrypt-auto certonly --standalone -d example.com -d www.example.com

certonly means "only obtain the certificate, don't run an installer". It's intended for people who don't want to use Certbot's certificate-installing functionality!

If you want Certbot to install the certificate in your Apache configuration, an appropriate variant of your command would be

sudo -H ./letsencrypt-auto -a standalone -i apache -d example.com -d www.example.com

Bear in mind that the standalone authenticator won't work if you already have Apache listening on port 80, unless you stop Apache before running Certbot.

In many configurations, you can use --apache instead of --standalone (and without certonly), like ./certbot-auto --apache. This automates a lot of things: it will try to obtain a list of domains from your Apache configuration, it will try to reconfigure Apache to pass the CA challenges, and it will try to install the certificate for you at the end of the process. --standalone (and -a standalone) are primarily intended for people who are running Certbot on a machine that doesn't already have a web server running.

Ah, that explains the problem, it was a mistake in Linode’s instructions, thank you.
Given the position now, where I have the certificate, but not (correctly) installed, should I stop Apache and start from scratch with
sudo -H ./letsencrypt-auto -a standalone -i apache -d example.com -d www.example.com
or is there a command to correctly install into Apache the certificate I already have and can see in /etc/letsencrypt/live/mydomain.com ??

First: do you want to stop Apache for every renewal? Probably not. If not, you could try the Apache authenticator with -a apache (and not -i standalone).

Secondly: if you run the client again, but now with -i apache, it should detect the current certificate in /etc/letsencrypt as valid and will ask you if you’d like to reinstall the certificate. If you choose yes, it will modify your Apache configuration and install the cert.

You’re all brilliant! Problem solved, thank you.

Credits go to the developers of certbot :wink:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.