What does the Apache plugin do? Magic?

There isn’t much information about the Apache plugin. I’m using Apache on Ubuntu 16.04 with multi-domain shared hosting and I keep all relevant data in a local database to generate Apache site config files from. I’ve read that certbot can do lots of funny tricks like HSTS and zero-config authentication. But I don’t believe any of this before somebody at least tries to explain to me how this is going to work. (After all I believe in physics, not magic.)

Where can I find that information, for both authentication and installation?

If it doesn’t exist, I must assume that certbot and my own scripts will overwrite each other’s changes frequently and I’d probably need to go the manual route with the webroot plugin and other required things (directory aliases) and move files and write config myself, including manual certificate expiry tracking for renewal.

In short the apache plugin reads the apache vhosts files ( to determines the list of domain names etc) and will write out a modified apache vhost file to include the details needed for SSL certs.

If you generate the vhost files from a local database, then there will almost certainly be a conflict ( since your script will not know what certbot has added and vice versa), so yes I’d recommend the webroot or similar method, and then add the config via your DB ( so that at least things are consistent).

You shouldn’t need to to do any manual certificate expiry tracking for renewal - certbot handles that well enough ( that’s not related to the apache plugin)

Depends which plugin you're using: when using the apache plugin, at renewal certbot will use that same plugin :wink: But it isn't when using the webroot plugin obviously no :slight_smile:

True - I could have written it better :slight_smile: I simply meant that if you use certbot with webroot, then the renewal, cert locations etc all happens automatically, so wouldn’t need to “move files” or “including manual certificate expiry tracking for renewal.” that the OP said.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.