Hi there. It’s great to have this vivid support community for Let’s Encrypt.
I run several domains in VMs on Ubuntu 16.04 and have already installed Certbot successfully via command line as root user.
I used certbot --apache which ran through almost successfully, but gave me a little headache:
Here is the output conclusion:
Created an SSL vhost at /var/www/conf.d/mymaindomain.net-le-ssl.conf
Deploying Certificate for mymaindomain.net to VirtualHost /var/www/conf.d/mymaindomain.net-le-ssl.conf
Unsupported filesystem layout. sites-available/enabled expected.
IMPORTANT NOTES:
Unable to install the certificate
Congratulations! Your certificate and chain have been saved at
/etc/letsencrypt/live/apps4me.net/fullchain.pem. Your cert will
expire on 2017-09-20. To obtain a new or tweaked version of this
certificate in the future, simply run certbot again with the
"certonly" option. To non-interactively renew all of your
certificates, run “certbot renew”
[…]
For my various domains, I maintain different domain conf files in /var/www/conf.d/, which used to define the StartCom certificate files like this:
In /etc/letsencrypt/live/mymaindomain.net/, I see four symbolic links which point to the relevant .pem files in …/archive/mymaindomain/.
Now I wonder which of the four StartCom files should be replaced by which files generated by the Certbot. I don’t see any *.crt or *.key files in /etc/letsencrypt/.
Be sure to point to /etc/letsencrypt/live/. If you use the real files in /etc/letsencrypt/archive/, Apache will continue to use the old files after the certificate is renewed, and your site will go down after it eventually expires.
There are several popular file extensions for certificates and keys. .pem is, well, one of them. In any case, what really matters is what the files contain; they're all the same format.
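Added example, not part of the original posts: a shell check that scans vhost files for mod_ssl certificate directives and flags any that reference /etc/letsencrypt/archive/ instead of the /etc/letsencrypt/live/ symlinks, which is the failure mode described in the reply above. The function names, the example.net domain and the sample vhost contents are constructed for illustration; on the poster's system the directory would be /var/www/conf.d.

```sh
# Added example (not from the thread): audit Apache vhost files for
# certificate paths that bypass the /etc/letsencrypt/live/ symlinks.
audit_le_paths() {
    # $1: directory of vhost .conf files (the thread uses /var/www/conf.d)
    audit_status=0
    for audit_file in "$1"/*.conf; do
        [ -f "$audit_file" ] || continue
        awk -v f="$audit_file" '
            /^[ \t]*#/ { next }    # ignore commented-out directives
            tolower($1) ~ /^sslcertificate(file|keyfile|chainfile)$/ {
                path = $2; gsub(/"/, "", path)
                if (path ~ /^\/etc\/letsencrypt\/archive\//) {
                    verdict = "BAD  "; bad = 1    # real file: stale after renewal
                } else if (path ~ /^\/etc\/letsencrypt\/live\//) {
                    verdict = "OK   "             # symlink: follows renewals
                } else {
                    verdict = "OTHER"             # e.g. a leftover pre-LE certificate
                }
                printf "%s:%d: %s %s %s\n", f, NR, verdict, $1, path
            }
            END { exit (bad ? 1 : 0) }
        ' "$audit_file" || audit_status=1
    done
    return "$audit_status"
}

write_sample() {
    # Constructed sample vhosts for a placeholder domain (example.net)
    cat > "$1/good.conf" <<'EOF'
<VirtualHost *:443>
    ServerName example.net
    SSLCertificateFile /etc/letsencrypt/live/example.net/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.net/privkey.pem
</VirtualHost>
EOF
    cat > "$1/stale.conf" <<'EOF'
<VirtualHost *:443>
    ServerName www.example.net
    # SSLCertificateFile /etc/letsencrypt/live/example.net/cert.pem
    SSLCertificateFile /etc/letsencrypt/archive/example.net/fullchain1.pem
    SSLCertificateChainFile /etc/ssl/old-ca/chain.crt
</VirtualHost>
EOF
}

tmp=$(mktemp -d) && write_sample "$tmp"
audit_le_paths "$tmp" || echo "Repoint BAD lines to /etc/letsencrypt/live/"
rm -rf "$tmp"
```

The function returns non-zero when any directive points into archive/, so it can gate a deployment or run after each configuration change.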
Thank you so much for your quick and perfect reply. It works like a charm. All domains are up and running in secure HTTPS mode again, with the free LE certificate. Time for a big donation.
Now I will have to figure out how to renew the certificate chain in about 90 days, right?
Thank you for your hint, Patches.
As my ISP already informed me, installing Certbot on my Ubuntu server has already installed such a cronjob in /etc/cron.d/certbot - so I think I will have to wait until August 21 or 22 to see if it works as expected. My test using certbot renew --dry-run was fine.