Letsencrypt might be a cool thing, but I just don't like to run a script that does many unknown and undocumented (possibly irreversible) modifications to my production machines. I want to understand how it works and how to install it completely by hand, not using any automatic secret script or tools.
So I obtained the certificate using their tool and installed it to my Apache by hand. In order to do that I had to temporarily shut it down and run their built-in webserver in order to verify that the domain really belongs to me. Unfortunately, the whole of letsencrypt has really very bad documentation, which is all about automatic stuff that is just supposed to work out of the box using some black magic or something, with no need for user intervention, so it doesn't describe at all how it actually works under the hood :(
Now I figured out that in order to renew the certificate I would either need to shut down my web server again (that isn't going to happen) or I could install some special Apache module, which I suppose lives here: https://github.com/letsencrypt/letsencrypt/tree/master/letsencrypt-apache Unfortunately, it comes with absolutely no documentation on how to do that whatsoever.
All I could find was that if I ran their black magic tool with more options it would install it for me. But I don't want that, I want to install it by hand, so that I know and see what I am actually changing in my system.
How do I do that? How can I compile the module and configure it so that it works? I understand that letsencrypt uses something called "ACME" in order to verify if the domain belongs to you, but other than that I couldn't find any more information.
There is also the possibility of using DNS records to do your validation - depends on how your DNS is handled. See https://b3n.org/intranet-ssl-certificates-using-lets-encrypt-dns-01/
– ivanivan – 2017-03-21T18:09:19.290