Allow custom configuration of https virtualhost

[mguillem]

Is there a way to provide a custom configuration for the https virtualhost?

letsencrypt generates the configuration for https as a copy of the configuration for the http virtual host just changing the port and adding the necessary stuff for https. This is not necessarily what is wanted. Configuring the https before letsencrypt certificates have been configured doesn't work either.

[mguillem]

It seems that providing a configuration for https without to enable it is enough: it gets activated once letsencrypt has run. Is this a feature or not?

[BirgerK]

Yes, letsencrypt uses it's own virtualhosts for https. This is the correct behaviour of the letsencrypt-client/certbot. After it did the "authentication" it disables it's ssl-virtualhosts and replace it with your - if existing - given https-virtualhost.

I can't see a way to do it else.

If you think it's a "bug" feel free to report it as a bug on the certbot-project. There you should provide a simple scenario which matches your bug.

This image uses the certbot without extending it anyway.

[mguillem]

Thanks for the answer.

What about a short info and a sample file in the README.md here? This would be very helpful.

[BirgerK]

Which info and sample-file do you mean? What shall it show?

ofc PRs are welcome :)

[mguillem]

Something like that would help:

<VirtualHost *:443>
    ServerName THE_DOMAIN
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    SSLCertificateFile /etc/letsencrypt/live/${VIRTUAL_HOST}/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/${VIRTUAL_HOST}/privkey.pem
    Include /etc/letsencrypt/options-ssl-apache.conf
</VirtualHost>

The 3 last lines are particularly important. Yesterday I couldn't find information about it and just discovered, that it was what letsencrypt generates.

[BirgerK]

ok, I see.

I'll add this later. Thanks! :)

[BirgerK]

Are you ok with the added hint?

[revolunet]

@mguillem what is in your "options-ssl-apache.conf" ?