Let's Encrypt, Apache2 - Editing vhosts properly

Solution 1:

I'm not sure what is the right answer of your question, but I would suggest you the following simplification:

1. Force all users to use HTTPS. The definition of the HTTP VirtualHost should look like this:

<VirtualHost *:80>

        ServerName example.com

        # Redirect Requests to HTTPS
        Redirect permanent "/" "https://example.com/"

        ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined

</VirtualHost>

In this way you will need maintain only the configuration of the HTTPS VirtualHost.

2. As soon as you generate "Let's Encrypt" ssl certificate files, describe them manually into the definition of the HTTPS VirtualHost:

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>

        ServerName example.com
        ServerAdmin [email protected]            

        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem

        ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined

        DocumentRoot /var/www/html    
        <Directory /var/www/html>
              # etc...
        </Directory>

        # etc...

    </VirtualHost>
</IfModule>

3. Insert the definitions of both VirtualHosts into a single configuration file:

<VirtualHost *:80>
        # etc...
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        # etc...
    </VirtualHost>
</IfModule>

This file could be /etc/apache2/sites-available/example.com.conf.

4. Don't forget to a2dissite unnecessary VirtualHosts (respectively a2ensite the necessary ones) and restart Apache.

5. Edit root's crontab and add a job which will try to renew the certificates, every week, for example. Type sudo crontab -e and add this line at the bottom:

0 3 * * 0 /usr/bin/letsencrypt renew  >> /var/log/letsencrypt-renew.week-$(date +%W).log 2>&1

That's it.