I just ran
certbot --apache certonly -d mydoma.in because automatic renewal was trying to use standalone but the port was not available. I got the following diff in my config:
@@ -9,6 +9,7 @@ fullchain = /etc/letsencrypt/live/mydoma.in/fullchain.pem
# Options used in the renewal process
account = 123456789101112131415
-authenticator = standalone
+authenticator = apache
server = https://acme-v02.api.letsencrypt.org/directory
key_type = rsa
+installer = apache
So why does the installer change when I select certonly? Or does that option mean something other than what I think?
Not a certbot expert, but I think your
--apache option conflicts with
--apache sets both the authenticator & installer to apache.
What you probably want is something like this:
certbot certonly --authenticator apache -d <domain>
From the docs:
--apache Use the Apache plugin for authentication & installation
-a AUTHENTICATOR, --authenticator AUTHENTICATOR
Authenticator plugin name. (default: None)
-i INSTALLER, --installer INSTALLER
Installer plugin name (also used to find domains).
Hi @_simon, and welcome to the LE community forum
The installer value in the renewal config is ignored for
renew command. Because of authenticator=apache it will make temp changes to your Apache config and reload Apache when complete.
Only certbot [run] and certbot install will update SSLCertificateFile in the web server configuration. Renewal will cause a web server reload only.
Since Certbot version 1.23.0, if an installer is specified, the installer plugin will reload that specific webserver, even when
certonly is used. See If an installer is provided to certonly, restart after cert issuance by wgreenberg · Pull Request #9184 · certbot/certbot · GitHub for more information.
So there is a difference between
certbot certonly --apache and
certbot certonly -a apache -i none.
This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.