Merge pull request #295 from rexbron/master

Add section on using webroot
jellyfin-archive · Apr 5, 2020 · 6170bd7 · 6170bd7
2 parents bb1d137 + 31446fb
commit 6170bd7
Showing 1 changed file with 22 additions and 0 deletions.
diff --git a/general/networking/letsencrypt.md b/general/networking/letsencrypt.md
@@ -13,6 +13,8 @@ Once the packages are installed, you're ready to generate a new certificate.
 
 ### Apache
 
+#### Certbot Apache Plugin
+
 After installing Certbot and the Apache plugin, certificate generation is accomplished by with the following command.
 
 ```sh
@@ -27,6 +29,26 @@ Add a job to cron so the certificate will be renewed automatically.
 echo "0 0 * * *  root  certbot renew --quiet --no-self-upgrade --post-hook 'systemctl reload apache2'" | sudo tee -a /etc/cron.d/renew_certbot
 ```
 
+#### Certbot Webroot
+
+##### Debian
+
+If the certbot apache plugin doesn't work with your config, use webroot instead.
+
+Add the following to your <VirtualHost> section after configuring it a reverse proxy:
+
+```conf
+DocumentRoot /var/www/html/
+#Do not pass the .well-known directory when using certbot and webroot
+ProxyPass /.well-known !
+```
+
+Run the certbot command as root:
+
+```sh
+sudo certbot certonly --webroot -w /var/www/html --agree-tos --email YOUR_EMAIL -d DOMAIN_NAME
+```
+
 ### HAProxy
 
 HAProxy doesn't currently have a Certbot plugin. To get around this, run Certbot in standalone mode and proxy traffic through your network.