Let's Encrypt, Apache2 - Editing vhosts properly
Solution 1:
I'm not sure what the right answer to your question is, but I would suggest the following simplification:
1. Force all users to use HTTPS. The definition of the HTTP VirtualHost should look like this:
<VirtualHost *:80>
    ServerName example.com
    # Redirect Requests to HTTPS
    Redirect permanent "/" "https://example.com/"
    ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
    CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
</VirtualHost>
This way you will need to maintain only the configuration of the HTTPS VirtualHost.
2. As soon as you generate the "Let's Encrypt" SSL certificate files, describe them manually in the definition of the HTTPS VirtualHost:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerName example.com
        ServerAdmin [email protected]
        SSLEngine on
        SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
        SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
        ErrorLog ${APACHE_LOG_DIR}/example.com.error.log
        CustomLog ${APACHE_LOG_DIR}/example.com.access.log combined
        DocumentRoot /var/www/html
        <Directory /var/www/html>
            # etc...
        </Directory>
        # etc...
    </VirtualHost>
</IfModule>
3. Insert the definitions of both VirtualHosts into a single configuration file:
<VirtualHost *:80>
    # etc...
</VirtualHost>
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        # etc...
    </VirtualHost>
</IfModule>
This file could be /etc/apache2/sites-available/example.com.conf.
4. Don't forget to a2dissite unnecessary VirtualHosts (respectively a2ensite the necessary ones) and restart Apache.
5. Edit root's crontab and add a job which will try to renew the certificates, every week, for example. Type sudo crontab -e and add this line at the bottom:
# In a crontab, % must be written as \% (an unescaped % ends the command)
0 3 * * 0 /usr/bin/letsencrypt renew >> /var/log/letsencrypt-renew.week-$(date +\%W).log 2>&1
That's it.
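An added example, not part of the original answer: a small Python check that a combined config file laid out as in steps 1 to 3 really redirects port 80 to HTTPS and that the port 443 host has SSLEngine on with certificate and key under /etc/letsencrypt/live/<ServerName>/. The function names and the embedded sample are assumptions made for illustration; directives inside nested sections such as <Directory> are treated as belonging to the enclosing VirtualHost.

```python
import re

# Constructed sample mirroring the layout from steps 1-3 (not a real server's config).
SAMPLE = """\
<VirtualHost *:80>
    ServerName example.com
    Redirect permanent "/" "https://example.com/"
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
    ServerName example.com
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/example.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
    SSLCertificateChainFile /etc/letsencrypt/live/example.com/chain.pem
</VirtualHost>
</IfModule>
"""

VHOST_RE = re.compile(r"<VirtualHost\s+([^>]+)>(.*?)</VirtualHost>", re.S | re.I)

def parse_vhosts(text):
    """Return [(port, {directive_lowercase: [argument strings]})], one per VirtualHost."""
    vhosts = []
    for addr, body in VHOST_RE.findall(text):
        directives = {}
        for line in body.splitlines():
            parts = line.split(None, 1)
            if parts and parts[0][0] not in "#<":  # skip blanks, comments, section tags
                directives.setdefault(parts[0].lower(), []).append((parts + [""])[1].strip())
        vhosts.append((addr.rsplit(":", 1)[-1].strip(), directives))
    return vhosts

def lint(text):
    """Return a list of problems; an empty list means the layout matches steps 1-3."""
    problems = []
    for port, d in parse_vhosts(text):
        name = (d.get("servername") or ["?"])[0]
        if port == "80":
            target = f"https://{name}/"
            if not any(target in r.replace('"', "") for r in d.get("redirect", [])):
                problems.append(f"{name}:80 has no Redirect to {target}")
        elif port == "443":
            if [a.lower() for a in d.get("sslengine", [])] != ["on"]:
                problems.append(f"{name}:443 lacks 'SSLEngine on'")
            live = f"/etc/letsencrypt/live/{name}/"
            for key in ("sslcertificatefile", "sslcertificatekeyfile"):
                if not any(p.startswith(live) for p in d.get(key, [])):
                    problems.append(f"{name}:443 {key} is not under {live}")
    return problems
```

Calling lint() on the text of /etc/apache2/sites-available/example.com.conf before a2ensite gives a quick sanity check; it does not replace Apache's own syntax test.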