Dominic Cleal said:
Yes, it works well for me.
And it just has for me too, amazingly.
Read on for some of the problems before I reveal what worked :)
I used the Apache plugin to automatically reconfigure
my vhosts, which
worked pretty much correctly. This generated new HTTPS versions of the
vhosts and added a redirect to the HTTP version.
This is what I wanted to do. However, it complains about an error
parsing a different site's .conf file.
(It would be easier to show what went wrong with the various attempts,
but someone thought it was a good idea to overwrite the log file each
time you run certbot, rather than append to it.)
Using the webroot mode is also easy, as it works with
any web server
that serves files from the given webroot directory. You can then make
the HTTPS modifications to your web server's config after the
certificate's been retrieved.
Hmm, when I tried that, it 302s. From the Apache log file:
18.104.22.168 - - [28/Mar/2017:13:45:39 +0000] "GET
HTTP/1.1" 302 274 "-" "Mozilla/5.0 (compatible; Let's Encrypt
server; +https://www.letsencrypt.org)" 0
.. although I can create and read /.well-known/index.html
But because it deletes the acme-challenge and random name
subdirectories, there's no easy way to tell what's going on!
What's made it work is deleting the other site's .conf file. It wasn't
actually being used, but Apache had no problems with it.
I don't see a new version of vhosts - do you have your sites in a single
file, or in separate files in /etc/apache2/sites-available? - but it's
not difficult to do.
The package automatically sets up a renewal command in
Yes, this is one reason I wanted to do it this way.
help that the version there is older than the one covered by
the documentation at <https://certbot.eff.org/docs/using.html> - there's
no 'certificates' command, for example.
I don't think there are docs published for the older version, even on
the older readthedocs site, however cross-referencing with
In any case, I think the missing "certificates" command is probably the
main difference from the current version - there's no certificate list
command in 0.9.3.
Just to add to the annoyance, the Debian doc package wants to install a
file or even plain text.