Certbot with Apache: Difference between revisions

Line 27:

</syntaxhighlight>...and then follow the instructions. The first command will give one the choice of having Apache configuration files changed. The latter command only obtains a certification. Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained. The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site. DNS is another method that can be used in the "challenge" process, but it is a bit more complex.

Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script". It creates it's own Apache configuration file (/etc/httpd/conf/httpd-le-ssl.conf) and adds an Include Directive in the httpd.conf file, so effectively it does change modify Apache settings even if it doesn't include a redirect in the HTTP section of a Virtual Server. If you want to avoid any chance of Certbot messing around with Apache

Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script". It creates it's own Apache configuration file (/etc/httpd/conf/httpd-le-ssl.conf) and adds an Include Directive in the httpd.conf file, so effectively it does change modify Apache settings even if it doesn't include a redirect in the HTTP section of a Virtual Server. If you want to avoid any chance of Certbot messing around with Apache.

===Enabling Automatic Certificate Renewal===

@@ Line 27: / Line 27: @@
 </syntaxhighlight>...and then follow the instructions.  The first command will give one the choice of having Apache configuration files changed.  The latter command only obtains a certification.  Remember, this has to be done on the server that hosts the web site as Certbot and Let's Encrypt require a "challenge" to be answered correctly for a certificate to be obtained.  The "challenge" question is a temporary file that certbot places in the directory of the web site (and deletes after the certificate is obtained) for the certificate issuing service to verify one is the owner of the web site.  DNS is another method that can be used in the "challenge" process, but it is a bit more complex.
-Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script".  It creates it's own Apache configuration file (/etc/httpd/conf/httpd-le-ssl.conf) and adds an Include Directive in the httpd.conf file, so effectively it does change modify Apache settings even if it doesn't include a redirect in the HTTP section of a Virtual Server.  If you want to avoid any chance of Certbot messing around with Apache
+Watch out for Certbot modifying the Apache configuration files, even if one declines the setting change in the "wizard / script".  It creates it's own Apache configuration file (/etc/httpd/conf/httpd-le-ssl.conf) and adds an Include Directive in the httpd.conf file, so effectively it does change modify Apache settings even if it doesn't include a redirect in the HTTP section of a Virtual Server.  If you want to avoid any chance of Certbot messing around with Apache.
 ===Enabling Automatic Certificate Renewal===