Assigning SSL certificates with certbot https://certbot.eff.org/lets-encrypt/ubuntuartful-apache for my new server was quite a pain. I installed good old apache2 and varnish in front of it. Like I learned back in 2012 or something. But assigning new certificates for this setup was quite hard as the automatic tool requires apache virtualhost to have port 80. I have port 8080 because Varnish is listening on 80.
So in order to do this, use the following command to issue certificate only:
certbot certonly -d domain.com -d www.domain.com --authenticator webroot -w /home/username/public_html/
Then use command certbot --apache to create the ssl files properly. Use option 2 for new sites to redirect all to HTTPS. Aaaaand ta-da it works. To confirm it is possible to renew domains run:
sudo certbot renew --dry-run
Also notice that if you have Varnish proxy or something else before your backend server, you might wanna use --staging parameter to try ssl certificate generation is successful. Like
certbot certonly -d domain.com -d www.domain.com --authenticator webroot -w /home/username/public_html/ --staging
For the future virtualhost files REMOVE redirects, these are generated with certbot:
<VirtualHost *:8080>
ServerAdmin email
ServerName domain.com
ServerAlias www.domain.com
DocumentRoot /blaablaaa
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
<Directory /blaablaa/>
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>
</VirtualHost>
