Will Certbot ever update Apache SSL settings on renew?


I have a server that runs certbot renew every couple of days or so via a cronjob. My question is this, will certbot renew ever change the enabled TLS versions configured in Apache?


It depends.

If you used the--apache installer in Certbot, then Certbot will have installed a file at /etc/letsencrypt/options-ssl-apache.conf which controls the enabled TLS versions.

If you leave that file alone, Certbot will automatically update it over time.

If you modify the file, then Certbot will avoid overwriting your changes. In this case, it will be your responsibility to keep it up to date.


This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.