-
-
Notifications
You must be signed in to change notification settings - Fork 350
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
In lieu of complete automation, provide better documentation #6
Comments
Right now my process is:
/etc/apache2/ssl.conf:
/etc/apache2/sites-enabled/[site].conf:
This example is Ubuntu / Apache; Nginx is similar but with a different configuration layout. |
So the "privkey.pem" is updated every time renew is run with the current one? The directory with all the keys (/etc/letsencrypt/keys) just keeps adding more. This was a non-obvious realization that I thought was super important to not breaking the site every time 'renew' is ran. |
For Nginx:
|
Added some more docs in the README based on work I'm doing for a separate project. |
See also, #12 — I'm doing a little testing with this for at least Nginx (and probably will work on Apache as well). |
tl;dr: #12 (comment) Closing this ticket in favor of follow-up to automate generation using --webroot (PR #38 already adds --standalone automated cert generation support.) |
I'm leery of letting automated software that's out of my control from managing my own config files, especially when it comes to crypto. While many people are better off letting LE/Certbot do everything for them (many of these people hand-edit config files on their servers—gasp!), I'd rather let Certbot work on cert redemption/renewal, and then I'll work on the actual Apache config.
I'd like to document my process, at least, so I can see where it's more automatable... and so others can see how simple/better the process is for further automation if we use Ansible to the greatest extent possible.
The text was updated successfully, but these errors were encountered: