Add section on using webroot

Add section on using webroot to serve the acme challenge rather than the apache plugin for those configs for which the apache plugin will not work.
jellyfin-archive · Apr 5, 2020 · 7c29bae · 7c29bae
1 parent 0a03dd0
commit 7c29bae
Showing 1 changed file with 18 additions and 0 deletions.
diff --git a/general/networking/letsencrypt.md b/general/networking/letsencrypt.md
@@ -13,6 +13,7 @@ Once the packages are installed, you're ready to generate a new certificate.
 
 ### Apache
 
+#### Certbot Apache Plugin
 After installing Certbot and the Apache plugin, certificate generation is accomplished by with the following command.
 
 ```sh
@@ -27,6 +28,23 @@ Add a job to cron so the certificate will be renewed automatically.
 echo "0 0 * * *  root  certbot renew --quiet --no-self-upgrade --post-hook 'systemctl reload apache2'" | sudo tee -a /etc/cron.d/renew_certbot
 ```
 
+#### Certbot Webroot
+##### Debian
+If the certbot apache plugin doesn't work with your config, use webroot instead.
+
+Add the following to your <VirtualHost> section after configuring it a reverse proxy:
+
+```conf
+DocumentRoot /var/www/html/
+#Do not pass the .well-known directory when using certbot and webroot
+ProxyPass /.well-known !
+```
+Run the certbot command as root:
+
+```sh
+sudo certbot certonly --webroot -w /var/www/html --agree-tos --email YOUR_EMAIL -d DOMAIN_NAME
+```
+
 ### HAProxy
 
 HAProxy doesn't currently have a Certbot plugin. To get around this, run Certbot in standalone mode and proxy traffic through your network.