The operating system my web server runs on is (include version): Alma Linux 8.10
My hosting provider, if applicable, is:me
I can login to a root shell on my machine (yes or no, or I don't know):tes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):no The Proliant servers are in the office
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):1.22
I have two HP Proliant servers both run esx1 6.0
On server perseus I have certbot and the certificates.
On the same server there are two phpBB boards each on a virtual apache server. One is called support and the other is writers. The configurations for each virtual server are in /etc/httpd/conf.d support.conf and writers.conf
How do I get my certificate for corp to work on each server?
One the second Proliant running on ESXi 6.0 is a mail server
Postfix and Dovecot.
How do I get this server to use the Let's Encrypt certificates?
What happens when they renew? Will it renew all of them or must I do some manually (or with cron)?
How do you get any certificate to work in Apache? (Usually you need to point to the fullchain.pem certificate file and the corresponding key file in the VirtualHost configuration. Don't forget to reload after renewals.)
If you are asking how to use certificates obtained on one host on a separate host, the question may now become: "How do you copy other files between these hosts?"
I like rsync over ssh using keys myself. You can even restrict the commands that can be run by the ssh key you create for this role. Whatever routine you devise will need to be called by a deploy-hook and should trigger a reload of the services using the certificate.
Thanks, that helped but...
There must be some 'standard' directory or folder where you put the keys so the virtual apache servers can find them. That's something the docs don't tell me. There's a folder /etc/pki/tls/certs/ would that be the place? Or somewhere else. I like to put things where other people can find them after I snuff it. At 84 one is aware of one's mortality!
There are plenty of different "standard locations". I would consider using them from wherever certbot places them on the host that is running certbot.
The location on the other hosts may make more sense elsewhere. I recommend checking with the best practices for the OS that you are using. RHEL and derivatives may use a different location than Debian and derivatives, or any of the BSD systems.
Remember that you will have an explicit declaration in the application configurations that point to the certificate location, so it isn't hard to find even if it isn't where someone might expect it.