Renew without stopping apache


#1

Hello,
I am looking for a solution to create and renew certificates let’s encrypt without stopping apache.
I did not know if this was really possible.
Do you have a solution?
thank you


Crontab auto-renew certificate failed
#2

It depends slightly how you created the certificates originally.

If you create them using either the webroot or apache plugin or the DNS challenge, then yes you can renew directly without stopping apache ( you will need to do a reload afterwards to start using the new cert, but if you do a reload rather than restart it doesn’t stop apache)

If you created the certs using “standalone” then a renew would want you to shut down apache. Simply create new certs using the apache, webroot or DNS challenge and you can then renew as above, without stopping apache.


#3

If you’re using Certbot, then the most popular and well-tested solution is going to be --webroot, specifying a web root directory where Certbot can write challenge files.

Edit: also, --apache will default to reconfiguring your certificates with the TLS-SNI-01 challenge but it will do a configuration reload, which you might consider as “stopping Apache”, though not in the way that --standalone requires.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.