> That would be vastly superior to current certbot horror and as secure.
Have you looked at Apache's mod_md, which allows you to integrate with ACME providers without certbot?
Here's the documentation, it's available since Apache 2.4.30: https://httpd.apache.org/docs/2.4/mod/mod_md.html
Configuration example from the docs:
MDomain example.org
<VirtualHost *:443>
    ServerName example.org
    DocumentRoot htdocs/a
    SSLEngine on
    # no certificates specification
</VirtualHost>
(you do need restarts/reloads to actually apply the provisioned certificates though, that part is up to you; I do it approx. daily since the startup is fast enough to not cause lots of downtime)
I actually wrote a blog post about using Apache for that and other things, and moved my personal workloads over to it (still using Nginx and other servers at work): https://blog.kronis.dev/tutorials/how-and-why-to-use-apache-...
In short, in addition to having lots of useful modules, Apache has recently gotten the aforementioned ACME functionality, which makes it a bit easier to use, like how web servers like Caddy also have "automatic HTTPS" functionality: https://caddyserver.com/
I'm yet to find a good self-hosted WAF solution, since mod_security doesn't seem popular or documented enough, even though it is better than nothing.
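The reload step mentioned in the comment can be driven by renewals instead of a fixed daily schedule. The following is an added example, not part of the original comment or the mod_md documentation: it relies on mod_md's MDMessageCmd directive, which runs a command with the event name and domain as arguments, and leaves the privileged reload to a root cron job. FLAG_DIR, the function names and the hook path in the comments are assumptions.

```shell
#!/bin/sh
# Added example. Assumed wiring (paths are hypothetical):
#   httpd config:  MDMessageCmd /usr/local/bin/md-hook.sh
#   md-hook.sh:    sources this file, then runs: md_hook "$1" "$2"
#   root cron:     sources this file, then runs: reload_if_flagged apachectl -k graceful

# Assumed location; must be writable by the httpd user and by nobody else.
FLAG_DIR="${FLAG_DIR:-/var/run/md-reload}"

# Hook body, runs unprivileged as the httpd user.
# Records a reload request for the "renewed" event and ignores all other events.
md_hook() {
    event="$1"; domain="$2"
    [ "$event" = "renewed" ] || return 0
    # Reject values that could escape FLAG_DIR when used as a file name.
    case "$domain" in
        ""|.*|*/*) return 1 ;;
    esac
    mkdir -p "$FLAG_DIR" && : > "$FLAG_DIR/$domain"
}

# Cron body, runs as root. "$@" is the fixed reload command; nothing read
# from FLAG_DIR is ever executed, the flags are only tested for existence.
# Returns 0 if a reload ran, 1 if nothing was pending, 2 if the reload failed.
reload_if_flagged() {
    pending=0
    for f in "$FLAG_DIR"/*; do
        if [ -f "$f" ]; then pending=1; break; fi
    done
    [ "$pending" -eq 1 ] || return 1
    "$@" || return 2      # keep the flags so the next cron run retries
    rm -f "$FLAG_DIR"/*
    return 0
}
```

Splitting the hook from the reload keeps the httpd user from needing any right to restart the server: it can only create an empty file, and the root job runs a command fixed in the crontab.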