> On 22.04.2023 at 19:48, Patrick O'Callaghan
> <pocallaghan(a)gmail.com> wrote:
>
> On Sat, 2023-04-22 at 18:27 +0200, Peter Boy wrote:
> >
> >
> > > On 22.04.2023 at 14:11, Patrick O'Callaghan
> > > <pocallaghan(a)gmail.com> wrote:
> > >
> > > I'm trying to set up a simple web server for personal use, using
> > > Apache, and want to enable HTTPS access. This involves getting an
> > > SSL certificate and I'll be using LetsEncrypt (www.letsencrypt.org).
> > >
> > > The recommended way to do this is with Certbot, but I can't get past
> > > this error:
> >
> >
> > With apache you have the advantage that you don't need certbot at
> > all, but apache does everything itself with the help of the md
> > module. Configure as follows:
> >
> > # Letsencrypt certificate management via Apache mod_md
> > # By default, automatically all alternative names get included.
> > MDomain MY_DOMAIN.TLD
> > MDContactEmail ME@MY_DOMAIN.TLD
> > MDCertificateAgreement accepted
> > <VirtualHost *:443>
> >     ServerName MY_DOMAIN.TLD
> >     ServerAlias www.MY_DOMAIN.TLD
> >     ServerAlias demo.MY_DOMAIN.TLD
> >     …
> >     …
> > </VirtualHost>
> >
> > After adding the above configuration restart apache. Wait a few
> > minutes and restart again. You should now see the certificates in
> > the logs.
> >
> > Apache takes care of the 3-monthly renewal. You don’t need to do
> > anything.
>
> That's interesting, but seems to contradict what the LetsEncrypt site
> seems to say (as far as I understand it). How does Apache set up a
> certificate if it's only reachable via port 443, which requires a
> certificate?

Apache developed mod_md which is, among other things, yet another
implementation of the certbot protocol, but manages everything inside
apache. The module knows it has to renew every 3 months and it
manages the communication with Let's Encrypt on its own. I didn’t
check, but - as it works - mod_md knows about the ports and chooses
the appropriate one.

I should have sent the complete config; it says further down:

<VirtualHost *:80>
    # Production Web Site Fiction meets Science
    ServerName MY_DOMAIN.TLD
    ServerAlias www.MY_DOMAIN.TLD
    RewriteEngine On
    RewriteRule ^(.*)$ https://MY_DOMAIN.TLD$1 [R=301,L]
</VirtualHost>
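
Added example, not part of the original messages: a monitoring check for the automatic renewal described in the thread, which reports when a served certificate lacks one of the configured names or when renewal appears stuck. It assumes mod_md's default renew window of one third of the certificate lifetime plus a 7-day grace period; the example.org names and the certificate dict are constructed samples.

```python
import socket
import ssl

RENEW_WINDOW = 1 / 3      # assumption: mod_md default MDRenewWindow (33% of lifetime)
GRACE = 7 * 86400         # assumption: tolerate 7 days of failed renewal attempts

# Constructed sample in the dict form returned by SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "example.org"), ("DNS", "www.example.org"),
                       ("DNS", "demo.example.org")),
    "notBefore": "Apr 22 17:00:00 2023 GMT",
    "notAfter": "Jul 21 17:00:00 2023 GMT",
}

def check_cert(cert, expected_names, now):
    """Return a list of problems; an empty list means the certificate looks healthy."""
    problems = []
    sans = {value.lower() for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"}
    missing = sorted(n for n in expected_names if n.lower() not in sans)
    if missing:
        problems.append("names not in certificate: " + ", ".join(missing))
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    remaining = not_after - now
    # Renewal should have started once `remaining` fell below the renew window;
    # past the grace period it is treated as stuck.
    deadline = (not_after - not_before) * RENEW_WINDOW - GRACE
    if remaining <= 0:
        problems.append("certificate expired")
    elif remaining < deadline:
        problems.append("renewal overdue: %d days left" % (remaining // 86400))
    return problems

def fetch_cert(host, port=443, timeout=10):
    """Fetch the validated certificate a live server presents (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    names = ["example.org", "www.example.org", "demo.example.org"]
    now = ssl.cert_time_to_seconds("Jul 10 00:00:00 2023 GMT")  # constructed clock
    print(check_cert(SAMPLE_CERT, names, now))
```

For a live server, pass `fetch_cert("your.host")` and `time.time()` to `check_cert` from a cron job and alert on a non-empty result.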