Trying to automate certs from bash script

My domain is:

My web server is (include version): apache

The operating system my web server runs on is (include version): debian 9

My hosting provider, if applicable, is: scaleway

I can login to a root shell on my machine (yes or no, or I don't know): yes

I'm using a control panel to manage my site (no, or provide the name and version of the control panel): no

I ran this commands to issue certificates from a script :

apt-get install python-certbot-apache -t stretch-backports
service apache2 stop
certbot certonly --standalone --preferred-challenges http -d
service apache2 start

then i configured the virtualhost this way

<IfModule mod_ssl.c>

<VirtualHost *:443>
DocumentRoot "/home/usr/sysonline/web"
ErrorLog /home/usr/sysonline/error.log
CustomLog /home/usr/sysonline/access.log combined
<Directory /home/usr/sysonline/web>
Options Indexes FollowSymLinks
AllowOverride None
Require all granted

Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/
SSLCertificateKeyFile /etc/letsencrypt/live/


Here are the problems.
When issuing certificates this way, ssl labs tells me that i have a grade B certificate.
When issuing with certbot automating install, there is auto-redirect from to,
and auto redirect from http to https
and i have grade A certificate.

So what is the difference?
Right now the domain is unavailable cause i am reinstalling the server and will retry to install manually but properly.

PS : the end tags / Directory> etc didn't past above


The grade B from does not mean there is a trouble with the cert, but means the server does not configured in it’s best condition.

If you are done with reinstall the server, I can help you to see what else is left to improve.

Thank you


yes, thank you verymuch done.
So i now am about to install certbot and try to issue a cert my way.
What should I change in the process?


I personally don’t think you need to change anything in this process.

Since ssllabs letter grade mainly focus on server and domain setup, not the quality of your certificate.

Thank you

i’m actualling installing a second server, i’ll install another domain on it following the certbot auto install
And on the other server i’ll install it my way and will try to check differences.

I noticed that with the certbot auto install they issues only one certificate for and
My way i have to deal with two certs.
I’ll let you know as soon as i finish installing both certs and we’ll check it out

If you want to include both (root domain) and (www version) in one certificate. Just run the program with both domain in arguments.

E.g. certbot -d -d will gave you one certificate include both domains.

However, I don’t think this would impact letter rating in

Thank you

1 Like

ok here is the certbot auto install

and here the manual install

I did it !

Ok i just installe with certbot, normal installation

then on the manual installation server, i did a manual install + i copy pasted the apache configuration file in lets encrypt folder than certbot left and now I am grade A that’s cool ^^
so now i can use that file to issue certs from bash script!

The Apache TLS settings “certbot --apache” sets up are derived from Mozilla’s “intermediate compatibility” configuration, for what it’s worth.

1 Like

One question remains.
Where are stored rules that says to redirect http to https so that i can do the same from a manual install without needing an htaccess file?

found it, that was actually htaccess rules in the no-ssl virtualhost

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.