I have many letsencrypt certificates with apache authentication. They are very well updated automatically.

I have one certificate (xmpp) that has standalone authentication. This one always fails because I have to stop apache in order to use it.

Now, to solve my problem I could add a cronjob that stops apache, runs certbot certonly -d xmpp.host.de --standalone --non-interactive and restarts apache. The problem is that in 99% of cases I'm stopping apache without reason, because the cert isn't expired.

I didn't find a really good solution to that problem. How do you solve that?

1 Answer

Configure a vhost in apache for xmpp.example.com that is used by certbot for authentication. You don't have to place any actual content there. I use this to renew the certificate for dovecot.

I then use the renew-hook of certbot to restart or reload the correct service, depending on the domain that has been renewed. You can see a basic script for this in my answer here.

Gerald Schneider
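A hook of the kind the answer describes, as an added example that is not the answerer's script: certbot exports `RENEWED_DOMAINS` (space-separated) to hooks it runs after a successful renewal, and the script maps each renewed name to the service that must pick up the new certificate. The domain names and the `prosody` and `dovecot` unit names are assumptions.

```shell
#!/bin/sh
# Added example: certbot hook run after a successful renewal.
# certbot sets RENEWED_DOMAINS (space-separated) and RENEWED_LINEAGE for it.

# Map one renewed domain to "<systemctl action> <unit>".
# Domain and unit names below are assumptions; adjust them to your hosts.
action_for_domain() {
    case "$1" in
        xmpp.example.com) echo "restart prosody" ;;  # assumed XMPP daemon unit
        mail.example.com) echo "reload dovecot" ;;   # assumed mail host name
        *)                echo "" ;;                 # names served by Apache only
    esac
}

# Print the de-duplicated actions for a space-separated domain list, so a
# certificate with several names touches each service only once.
plan_actions() {
    for d in $1; do
        action_for_domain "$d"
    done | awk 'NF && !seen[$0]++'
}

# Execute the plan; with DRY_RUN=1 only print what would be run.
run_hook() {
    plan_actions "$1" | while read -r action unit; do
        if [ "${DRY_RUN:-0}" = "1" ]; then
            echo "would run: systemctl $action $unit"
        else
            systemctl "$action" "$unit"
        fi
    done
}

# Act only when certbot invoked this script as a hook.
if [ -n "${RENEWED_DOMAINS:-}" ]; then
    run_hook "$RENEWED_DOMAINS"
fi
```

Current certbot versions call this option `--deploy-hook` (`--renew-hook` is the older name), and executable scripts placed in `/etc/letsencrypt/renewal-hooks/deploy/` are run the same way. Because the hook only fires when a certificate was actually renewed, no service is stopped or restarted on the runs where nothing is due.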