Will renewal rewrite apache vhost conf files again?


#1

Yesterday I installed a Let’s Encrypt certificate for a new domain (say, example.com) on my server, following this tutorial [1]. This was based on the client “letsencrypt”, from the Ubuntu repo, apparently an earlier version of the one now called “certbot”.

It added some rewrite lines into /etc/apache2/sites-available/example.com.conf, added a new file /etc/apache2/sites-available/example.com-le-ssl.conf, then enabled the new file.

Rewrites are not the best way so I had to revise the non-http file - commented the rewrite lines, added a redirect line. The file /etc/apache2/sites-available/example.com-le-ssl.conf was based on the original conf file and did not need any revision - however this was a simple one. When I repeat the procedure for other domains, well some of them have complex rewrite rules and I’m concerned about letsencrypt borking something if it messes with these files.

My question is, will the client rewrite conf files again at renewal time? If the answer is no then it’s safe to put a renew command on crontab - right? If the answer is yes, I’ll have to attend to this manually every 90 days? Or is there a way to auto renew without changing config files?


#2

As far as I know, certbot leaves every ‘custom’ entry in the config file alone. It only checks if a certbot-like redirect is present and will not add a new one, even if you asked it to. Note: I do not know how and what certbot exactly checks when checking for the redirect rewrite rule it could or could not have added.


#3

Currently, certbot renew does not attempt to modify your server configuration at all.

If you don’t want Certbot to modify your web server configuration when initially obtaining a certificate, you can run with certbot certonly, which obtains (or renews) a single certificate without attempting to install or reinstall it. The default behavior of Certbot is otherwise to try to install the newly obtained certificate by editing your server configuration files, if Certbot knows how to do so.


#4

Thanks for the info! This is good for me, I’ll just set a cron job.
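
A cron wrapper for the renewal discussed in this thread, as an added example that is not part of the original posts or Certbot's own tooling: it hashes the vhost files before and after the renewal command and exits non-zero if any file changed, appeared or disappeared. The script name `guard-renew.sh`, its install path and the cron schedule are assumptions.

```shell
#!/bin/sh
# guard-renew.sh (hypothetical name): run a renewal command and confirm that
# the Apache vhost files were left untouched.
#
# Example crontab entry (path and schedule are assumptions):
#   17 3 * * * /usr/local/sbin/guard-renew.sh /etc/apache2/sites-available certbot renew --quiet

# Print one "sha256  path" line per *.conf file under $1, sorted by path.
snapshot_confs() {
    find "$1" -type f -name '*.conf' -exec sha256sum {} + | sort -k 2
}

# guarded_renew CONF_DIR CMD [ARGS...]
# Returns 3 if any conf file changed, was added or was removed while CMD ran;
# otherwise returns CMD's own exit status.
guarded_renew() {
    gr_dir=$1
    shift
    gr_rc=0
    gr_before=$(snapshot_confs "$gr_dir")
    "$@" || gr_rc=$?
    gr_after=$(snapshot_confs "$gr_dir")
    if [ "$gr_before" != "$gr_after" ]; then
        echo "vhost configuration changed during renewal" >&2
        printf '%s\n' "--- before" "$gr_before" "--- after" "$gr_after" >&2
        return 3
    fi
    return "$gr_rc"
}

# Only act when called with a directory and a command, so the functions can
# also be sourced or tested without running anything.
if [ "$#" -ge 2 ]; then
    guarded_renew "$@"
    exit $?
fi
```

Cron mails anything written to stderr, so a changed vhost file shows up in the job's mail together with the before and after hashes.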

