The usual way for me is to give certbot write access to a directory in the HTTP root, so the server can keep running.
Comment on Decreasing Certificate Lifetimes to 45 Days
bss03@infosec.pub 2 weeks ago
Technically my renews aren’t automated. I have a nightly cronjob that should renew certificates and restart services, but when the certificates need renewal, it always fails because it wants to open a port I’m already using in order to answer the challenge.
I hear there’s an apache module / configuration I can use, but I never got around to setting it up. So, when the cron job fails, I get an email and go run a script that stops apache, renews certs, and restarts services (including apache). It will be a bit annoying to have to do that more often, but maybe it’ll help motivate me to configure apache (or whatever) correctly.
Debian Stable
Limonene@lemmy.world 2 weeks ago
eclipse@lemmy.world 2 weeks ago
You could try using the DNS challenge instead; I find it a lot more convenient as not all my services are exposed.
bss03@infosec.pub 2 weeks ago
While I do have some control over my DNS and can create arbitrary TXT entries, I can’t do that in an automated way easily. I’m using Gandi.net to host my DNS rather than running my own DNS server(s).