Using mod_md to manage Let's Encrypt certificates
I've been using certbot to manage my Let's Encrypt certificates since I first started using them. Today, I switched to using mod_md to simplify the whole process and remove one dependency from my setup.
Read the friendly manual
There's not much color for me to add here. I pretty much just followed the instructions. Specifically, I made sure I had the prerequisites in place (many of which were already set up from my certbot configuration). The main thing I needed to do to get ready on CentOS 8 was install the mod_md package as root:
# dnf install mod_md
I then followed the instructions for migrating an existing https: host. The only snag I ran into was that SELinux seemed to be preventing httpd from reaching out to Let's Encrypt during the initial setup phase (after enabling mod_md and restarting httpd the first time). I was able to remedy that with this command:
# setsebool -P httpd_can_network_connect on
After restarting httpd again, the rest went as documented. Because I prefer to have all traffic use HTTPS when possible, I added the appropriate MDRequireHttps permanent line to my config as well.
That was easy
I was nervous about switching over, and I put this off for a while. However, it ended up being about as simple as the instructions made it seem. Next, I might attempt switching to Caddy.
Addendum
I may be misunderstanding the exact intended behavior of MDRequireHttps, but it doesn't seem to redirect all HTTP requests to HTTPS on my server. I went ahead and added a more traditional redirect to my main httpd.conf:
<VirtualHost *:80>
    ServerName themayhaks.com
    ServerAlias *.themayhaks.com
    Redirect "/" "https://themayhaks.com/"
</VirtualHost>
That seems to do what I want.
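An added example, not part of the original post or the author's configuration: the mod_md documentation notes that a hand-written redirect should exclude paths under /.well-known/, otherwise mod_md might have trouble signing on new certificates. A variant of the port-80 virtual host above that keeps that prefix on plain HTTP could look like this (the regular expression is this example's own choice):

```apache
<VirtualHost *:80>
    ServerName themayhaks.com
    ServerAlias *.themayhaks.com

    # Redirect every request to the HTTPS site EXCEPT paths under
    # /.well-known/, so ACME challenge requests for certificate
    # issuance and renewal are still answered over plain HTTP.
    # The negative lookahead (?!\.well-known/) skips that prefix;
    # $1 carries the rest of the path over to the HTTPS URL.
    # No status argument is given, so this is a temporary (302)
    # redirect, the same default the plain Redirect line uses.
    RedirectMatch "^/(?!\.well-known/)(.*)$" "https://themayhaks.com/$1"
</VirtualHost>
```

Running apachectl configtest before restarting httpd catches syntax errors in the edited file.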
"My eyes weaken looking upward.
Lord, I am oppressed.
Be my security." Isaiah 38:14b, WEB
Tags: how-to, server-info