Starting at the VERY Beginning

I have had something of a frustrating time, receiving various errors at various times; I’ve had self-signed certificates that worked and didn’t work, and even one successful Let’s Encrypt certificate which stopped working and would then not renew (it is now expired). It doesn’t help that I have searched and can find NO start-to-finish setup list for people trying to set up SSH using Let’s Encrypt; everything seems to assume knowledge of one thing or another; frequently it’s assumed one has used SSH certs before and only needs to learn certbot. So I would like to start at the VERY beginning, walking through EVERY STEP of Apache/SSH/certbot configuration, not only to ensure my own success, but hopefully to leave a breadcrumbed roadmap for people in the future who, like me, are only beginning to set up SSL and may have made mistakes with standard Apache configurations.

I have various domains on a CentOS7 server which require certificates, most of which are in different directories on the server. They are currently operating under Apache 2.2.15, standard HTTP on port 80. I have removed all of the <VirtualHost> containers to the conf.d directory (I’m an old guy used to having them all in httpd.conf, so this is a new thing to me).

Before dealing with SSH, I want to make sure my <VirtualHost>s are set up to what certbot expects; since there are many ways to set them up (even some “improper” setups are accepted by Apache), let’s make sure they are all consistent and set up in such a way that certbot won’t have any complaints with those.

So, some formats used:

<VirtualHost *:80> (port only, also seen as <VirtualHost \*:80>)
<VirtualHost> (the IPv4 address of the server)
<VirtualHost> (the IPv4 address of the server w/port)
<VirtualHost www.example.tld> (name of the virtual server)
<VirtualHost www.example.tld:80> (name of the virtual server w/port)
<VirtualHost *:*> (d*mn the torpedoes!)

For the time being, we will assume the DocumentRoot, ServerName, ServerAlias, and container are all correct. And yes, I understand some may be better for niche situations than others, but this is a “standard” server with virtual hosts not spread between machines, each contained in different directories on a single machine.

So which version of the VirtualHost container will cause certbot the fewest issues?

