Renewing Certifcates: Apache on Windows 10

Welcome to the community @brisray Terrific first post.

  1. You run certbot renew on a schedule to renew all your certs. It checks for expiry and by default renews 30 days before expiry. And, certbot renew --dry-run tests it
  2. Yes, 1 cert for each certbot command
  3. Yes, Apache needs at least a graceful reload (not a restart) to get fresh cert
  4. ECDSA is generally a good thing unless you have specific requirements for an RSA cert

Adding on to #3, you could use the certbot option --deploy-hook to run the command to reload Apache. If you use this option when you request the cert (certonly webroot) it will store that in the renewal conf file for use by the certbot renew command