SSL Configuration options


When using the automatic configuration a line like

Include /etc/letsencrypt/options-ssl-apache.conf

is included. The included file has CustomLog and ErrorLog entries. However I would much prefer to use my own values for these. I could edit the included file but would then lose the advantage of having the file automatically upgraded. It seems to me that the log entries should not be in that file but could be kept separately.




Why would Let’s Encrypt meddle with my Apache configuration in that way anyway?

In my opinion, it should only modify the SSLCertificateFile, SSLCertificateChainFile and SSLCertificateKeyFile. Why should it impose all those other things? At least give the client some opt-out option. Or better still: make it opt-in.

By the way, from the source file:

tweak to your needs


So you’ll probably are able to edit the file, i.e., delete the CustomLog and ErrorLog parts… But I’ve got no clue what will happen if the client updates itself. As of yet it doesn’t update the configuration file once it’s in place. But to the looks of it (see the issue referenced in the source), that’s probably gonna change…

All in all it’s a lot of meddling by Let’s Encrypt into the configuration of your webserver. I’ll probably be renewing my certificates by hand if they keep this up :sleepy: